CVE-2025-48988
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-06-16
Last updated on: 2025-11-03
Assigner: Apache Software Foundation
Description
Description
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions
may also be affected.
Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | tomcat | From 9.0.0 (inc) to 9.0.106 (exc) |
| apache | tomcat | From 10.1.0 (inc) to 10.1.42 (exc) |
| apache | tomcat | From 11.0.0 (inc) to 11.0.8 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Apache Tomcat involves the allocation of resources without limits or throttling, which means the system does not properly restrict resource usage, potentially leading to resource exhaustion.
How can this vulnerability impact me? :
The vulnerability can lead to resource exhaustion on the affected Apache Tomcat servers, which may cause performance degradation, denial of service, or system instability.
What immediate steps should I take to mitigate this vulnerability?
Users are recommended to upgrade Apache Tomcat to version 11.0.8, 10.1.42, or 9.0.106, which fix the issue.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70