Apache Tomcat June Vulnerability Security Update Advisory
Overview
Apache Tomcat(https://tomcat.apache.org/) has released a security update that addresses a vulnerability in its shipped products. Users of affected products are advised to update to the latest version.
Affected Products
Apache Tomcat 9.0.23 – 9.0.105
Apache Tomcat 9.0.0.M1 – 9.0.105
Apache Tomcat 11.0.0-M1 – 11.0.7
Apache Tomcat 10.1.0-M1 – 10.1.41
Apache Tomcat 10.1.0 – 10.1.41
Resolved Vulnerabilities
Denial of Service Attack Vulnerability in Apache Tomcat caused by a crafted request (CVE-2025-48988)
Security constraint bypass for pre/post resources in Apache Tomcat (CVE-2025-49125)
Denial of Service Attack Vulnerability in Apache Tomcat caused by a crafted request (CVE-2025-48976)
Sideloading Vulnerability via Apache Tomcat Installer (CVE-2025-49124)
Vulnerability Patches
Please follow the security advisory published on June 16, 2025 to update to the applicable version and the latest version.
Apache Tomcat 9.0.106
Apache Tomcat 11.0.8
Apache Tomcat 10.1.42
Referenced Sites
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48988
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48976
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49125
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49124