CVE-2025-48988

HIGH

Apache Tomcat <11.0.7 - Allocation of Resources Without Limits or T...

Title source: llm

Description

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

Exploits (2)

github WORKING POC 2 stars

by nankuo · pythonpoc

https://github.com/nankuo/CVE-2025-48976_CVE-2025-48988

View Code ZIP pw:eip

nomisec WORKING POC

by Samb102 · poc

https://github.com/Samb102/POC-CVE-2025-48988-CVE-2025-48976

View Code ZIP pw:eip

References (3)

[Mailing List, Vendor Advisory] https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2025/06/16/1

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html

Scores

CVSS v3 7.5

EPSS 0.0020

EPSS Percentile 41.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-770

Status published

Affected Products (3)

apache/tomcat < 9.0.106

org.apache.tomcat/tomcat-catalina < 11.0.8Maven

org.apache.tomcat.embed/tomcat-embed-core < 11.0.8Maven

Timeline

Published Jun 16, 2025

Tracked Since Feb 18, 2026