UBUNTU-CVE-2025-48988
A resource allocation vulnerability exists in Apache Tomcat versions from 11.0.0-M1 through 11.0.7, 10.1.0-M1 through 10.1.41, and 9.0.0.M1 through 9.0.105, including some older EOL versions such as 8.5.0 through 8.5.100. This flaw allows allocation of resources without limits or throttling, potentially leading to denial of service. Fixed versions are 11.0.8, 10.1.42, and 9.0.106. The vulnerability affects multiple Ubuntu package versions as listed. No known exploits in the wild have been reported.
AI Analysis
Technical Summary
This vulnerability in Apache Tomcat involves allocation of resources without proper limits or throttling, which can cause denial of service conditions. It affects multiple major release lines: 11.x from 11.0.0-M1 up to 11.0.7, 10.1.x from 10.1.0-M1 up to 10.1.41, and 9.0.x from 9.0.0-M1 up to 9.0.105. Additionally, older end-of-life versions such as 8.5.0 through 8.5.100 are known to be affected. The issue is addressed in versions 11.0.8, 10.1.42, and 9.0.106. The vulnerability is characterized by the lack of resource allocation limits or throttling, which can be exploited to exhaust server resources and cause service disruption.
Potential Impact
The vulnerability allows an attacker to cause denial of service by exhausting server resources due to the lack of limits or throttling on resource allocation. There is no impact on confidentiality or integrity reported. The CVSS vector indicates network attack vector, low attack complexity, no privileges or user interaction required, and an impact limited to availability (A:H). No known exploits in the wild have been reported.
Mitigation Recommendations
A fix is available. Users should upgrade affected Apache Tomcat versions to 11.0.8, 10.1.42, or 9.0.106 as appropriate. Applying these updates will remediate the vulnerability by introducing proper resource allocation limits and throttling. No other mitigation steps are indicated by the vendor advisory.
UBUNTU-CVE-2025-48988
Description
A resource allocation vulnerability exists in Apache Tomcat versions from 11.0.0-M1 through 11.0.7, 10.1.0-M1 through 10.1.41, and 9.0.0.M1 through 9.0.105, including some older EOL versions such as 8.5.0 through 8.5.100. This flaw allows allocation of resources without limits or throttling, potentially leading to denial of service. Fixed versions are 11.0.8, 10.1.42, and 9.0.106. The vulnerability affects multiple Ubuntu package versions as listed. No known exploits in the wild have been reported.
CVSS v3.1
Affected software
pkg:deb/ubuntu/[email protected]+esm3?arch=source&distro=esm-infra-legacy/trustypkg:deb/ubuntu/[email protected]+esm2?arch=source&distro=esm-infra-legacy/trustypkg:deb/ubuntu/[email protected]+esm2?arch=source&distro=esm-infra-legacy/xenialpkg:deb/ubuntu/[email protected]+esm4?arch=source&distro=esm-apps-legacy/xenialpkg:deb/ubuntu/[email protected]~18.04.3+esm6?arch=source&distro=esm-apps/bionicpkg:deb/ubuntu/[email protected]+esm8?arch=source&distro=esm-apps/bionicpkg:deb/ubuntu/[email protected]+esm3?arch=source&distro=esm-apps/focalpkg:deb/ubuntu/[email protected]+esm4?arch=source&distro=esm-apps/jammypkg:deb/ubuntu/[email protected]~esm4?arch=source&distro=esm-apps/noblepkg:deb/ubuntu/[email protected]?arch=source&distro=questingpkg:deb/ubuntu/[email protected]~26.04.1?arch=source&distro=resolutepkg:deb/ubuntu/[email protected]~26.04.1?arch=source&distro=resoluteRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Apache Tomcat involves allocation of resources without proper limits or throttling, which can cause denial of service conditions. It affects multiple major release lines: 11.x from 11.0.0-M1 up to 11.0.7, 10.1.x from 10.1.0-M1 up to 10.1.41, and 9.0.x from 9.0.0-M1 up to 9.0.105. Additionally, older end-of-life versions such as 8.5.0 through 8.5.100 are known to be affected. The issue is addressed in versions 11.0.8, 10.1.42, and 9.0.106. The vulnerability is characterized by the lack of resource allocation limits or throttling, which can be exploited to exhaust server resources and cause service disruption.
Potential Impact
The vulnerability allows an attacker to cause denial of service by exhausting server resources due to the lack of limits or throttling on resource allocation. There is no impact on confidentiality or integrity reported. The CVSS vector indicates network attack vector, low attack complexity, no privileges or user interaction required, and an impact limited to availability (A:H). No known exploits in the wild have been reported.
Mitigation Recommendations
A fix is available. Users should upgrade affected Apache Tomcat versions to 11.0.8, 10.1.42, or 9.0.106 as appropriate. Applying these updates will remediate the vulnerability by introducing proper resource allocation limits and throttling. No other mitigation steps are indicated by the vendor advisory.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- UBUNTU-CVE-2025-48988
- Osv Schema Version
- 1.7.0
- Aliases
- []
- Ecosystems
- ["Ubuntu:Pro:14.04:LTS","Ubuntu:Pro:16.04:LTS","Ubuntu:Pro:18.04:LTS","Ubuntu:Pro:20.04:LTS","Ubuntu:Pro:22.04:LTS","Ubuntu:Pro:24.04:LTS","Ubuntu:25.10","Ubuntu:26.04:LTS"]
- Database Specific Severity
- null
- Cvss Version
- 3.1
Threat ID: 6a58b50768715ace43db294b
Added to database: 07/16/2026, 10:40:07 UTC
Last enriched: 07/16/2026, 14:15:11 UTC
Last updated: 07/16/2026, 23:03:57 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.