Multiple critical security vulnerabilities were discovered in Apache Tomcat web servers, including high-severity flaws that enable denial-of-service (DoS) attacks and a moderate-severity vulnerability that allows authentication bypass. These vulnerabilities, identified as CVE-2025-48976, CVE-2025-48988, CVE-2025-49124, and CVE-2025-49125, affect millions of web applications worldwide running affected Tomcat versions in the 9.0.x through 11.0.x series. The vulnerabilities were reported on June 16, 2025, and patches are immediately available across all affected version branches.
Source: https://cybersecuritynews.com/apache-tomcat-vulnerabilities/
TPRM report: https://scoringcyber.rankiteo.com/company/the-apache-software-foundation
{
  "id": "the903061725",
  "linkid": "the-apache-software-foundation",
  "type": "Vulnerability",
  "date": "6/2025",
  "severity": "25",
  "impact": "1",
  "explanation": "Attack without any consequences"
}
{'affected_entities': [{'industry': 'Software',
                        'name': 'Apache Software Foundation',
                        'type': 'Organization'}],
 'attack_vector': ['Memory Exhaustion via Multipart Header Exploitation',
                   'Multipart Upload Resource Exhaustion',
                   'Windows Installer Side-Loading Risk',
                   'Security Constraint Bypass in Resource Mounting'],
 'date_detected': '2025-06-16',
 'date_publicly_disclosed': '2025-06-16',
 'description': 'Multiple critical security vulnerabilities affecting Apache Tomcat web servers, including two high-severity flaws enabling denial-of-service (DoS) attacks and one moderate-severity vulnerability allowing authentication bypass.',
 'impact': {'systems_affected': 'Apache Tomcat web servers'},
 'recommendations': 'Organizations must prioritize immediate updates to address these vulnerabilities. System administrators should verify their Tomcat installations and implement configuration changes to the server.xml file, specifically adjusting Connector parameters to prevent resource exhaustion attacks while maintaining application functionality.',
 'response': {'remediation_measures': 'Immediate patches available across all affected version branches'},
 'title': 'Multiple Critical Security Vulnerabilities in Apache Tomcat',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': ['CVE-2025-48976',
                             'CVE-2025-48988',
                             'CVE-2025-49124',
                             'CVE-2025-49125']}