CVE-2025-48988: Allocation of Resources Without Limits or Throttling in Apache Tomcat

Severity: 7.5 HIGH (NVD)
EPSS: 0.8% (top 26.65%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 16; Latest update Oct 15

Description

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

Source | Package | Range start | Range end | Additional ranges
NVD | apache/tomcat | 9.0.0 | 9.0.106 | +2
CVEListV5 | apache_software_foundation/apache_tomcat | 11.0.0-M1 | 11.0.7 | +3

Vulnerability Details (4)

CVEList: Apache Tomcat: FileUpload large number of parts with headers DoS (2025-06-16)
GHSA: Apache Tomcat - DoS in multipart upload (2025-06-16)
OSV: CVE-2025-48988: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat (2025-06-16)
OSV: Apache Tomcat - DoS in multipart upload (2025-06-16)

Vendor Advisories (4)

Oracle: Oracle Siebel CRM Risk Matrix: User Interface (Apache Tomcat) — CVE-2025-48988 (2025-10-15)
Oracle: Oracle Communications Applications Risk Matrix: Core (Apache Tomcat) — CVE-2025-48988 (2025-07-15)
Red Hat: tomcat: Apache Tomcat DoS in multipart upload (2025-06-16)
Debian: CVE-2025-48988: tomcat10 - Allocation of Resources Without Limits or Throttling vulnerability in Apache Tom... (2025)
CVE-2025-48988 — Apache Tomcat vulnerability | cvebase