CVE-2025-48988

HIGH

Apache Tomcat - Allocation of Resources Without Limits or Throttling

Title source: llm

Description

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

Exploits (2)

github WORKING POC 2 stars

by nankuo · pythonpoc

https://github.com/nankuo/CVE-2025-48976_CVE-2025-48988

View Code ZIP pw:eip

nomisec WORKING POC

by Samb102 · poc

https://github.com/Samb102/POC-CVE-2025-48988-CVE-2025-48976

View Code ZIP pw:eip

References (3)

[Mailing List, Vendor Advisory] https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2025/06/16/1

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html

Scores

CVSS v3 7.5

EPSS 0.0076

EPSS Percentile 73.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-770

Status published

Products (3)

apache/tomcat 9.0.0 - 9.0.106

org.apache.tomcat/tomcat-catalina 11.0.0-M1 - 11.0.8Maven

org.apache.tomcat.embed/tomcat-embed-core 11.0.0-M1 - 11.0.8Maven

Published Jun 16, 2025

Tracked Since Feb 18, 2026