EUVD-2025-18409

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Allocation of Resources Without Limits vulnerability in Apache Tomcat. Upgrade to fix it.

Reporter	Title	Published	Views	Family All 239
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses uthentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.	9 Jul 202507:25	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to multiple Apache Tomcat vulnerabilities (CVE-2025-48976, CVE-2025-48988)	17 Jul 202518:27	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM DevOps Solution Workbench	30 Oct 202520:15	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat( CVE-2025-48988, CVE-2025-49125 & CVE-2025-48976 )	14 Aug 202511:30	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities related to tomcat-embed-core library in IBM Business Automation Manager Open Editions.	4 Jul 202508:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Authentication Bypass, and improper allocation of resources in Apache Tomcat [CVE-2025-49125, CVE-2025-48976, CVE-2025-48988]	28 Aug 202521:12	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities	15 Jul 202515:21	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Tomcat affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.	25 Sep 202511:51	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions.	12 Aug 202509:33	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-9.0.104.jar	26 Aug 202517:51	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "8a190b7b-fe8f-388f-b403-b1d268b18c70",
        "vendor": {
          "name": "Apache Software Foundation"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "238493be-b311-3b7f-8c98-996997424542",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "11.0.0-M1 ≤11.0.7"
      },
      {
        "id": "4815e055-a2d3-3f49-be7c-1b633d2d4c8c",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "10.1.0-M1 ≤10.1.41"
      },
      {
        "id": "c4418771-273c-3083-9c3b-68bc3861e147",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": ""
      },
      {
        "id": "d7c740c9-3f1a-3082-b313-9e8b4f321ce9",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "8.5.0 ≤8.5.100"
      },
      {
        "id": "daf79fd7-3d4f-3852-8bab-ae070fe717e2",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "9.0.0.M1 ≤9.0.105"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-48988
lists	www.lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18
github	www.github.com/apache/tomcat/commit/2b0ab14fb55d4edc896e5f1817f2ab76f714ae5e
github	www.github.com/apache/tomcat/commit/cdde8e655bc1c5c60a07efd216251d77c52fd7f6
github	www.github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910
tomcat	www.tomcat.apache.org/security-10.html
tomcat	www.tomcat.apache.org/security-11.html
tomcat	www.tomcat.apache.org/security-9.html
openwall	www.openwall.com/lists/oss-security/2025/06/16/1

03 Oct 2025 20:07Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.17.5

EPSS0.00759

SSVC