Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threats Tagged 'cve-2025-48989'

View all threats tagged with 'cve-2025-48989'. Filter and sort to focus on specific types of threats.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.
Active filters (1):Tag: cve-2025-48989

Threats Tagged 'cve-2025-48989'

Click on any threat for detailed analysis and mitigation recommendations

Red Hat Security Advisory: Red Hat JBoss Web Server 6.1.2 release and security updateCVE-2025-48989
0

Red Hat JBoss Web Server 6.1.2 includes security updates addressing denial of service vulnerabilities in the Apache Tomcat component. Specifically, it fixes CVE-2025-52520, an Apache Tomcat denial of service issue, and CVE-2025-48989, a minor incident involving an HTTP/2 "MadeYouReset" DoS attack via HTTP/2 control frames. This release replaces version 6.1.1 and includes other bug fixes and enhancements. The update is rated as important by Red Hat Product Security.

Join the discussion
Red Hat Security Advisory: Red Hat JBoss Web Server 6.1.2 release and security updateCVE-2025-48989
0

Red Hat JBoss Web Server 6.1.2 includes security fixes addressing denial of service vulnerabilities in Apache Tomcat components. These include CVE-2025-52520, a general Apache Tomcat denial of service issue, and CVE-2025-48989, a minor incident involving an HTTP/2 "MadeYouReset" DoS attack via HTTP/2 control frames. The update replaces version 6.1.1 and provides bug fixes, enhancements, and component upgrades.

Join the discussion
Red Hat Security Advisory: tomcat security updateCVE-2025-48976
0

Multiple security vulnerabilities affecting Apache Tomcat and Apache Commons FileUpload have been addressed in a Red Hat Enterprise Linux 8 update. These include denial of service (DoS) issues via multipart uploads, HTTP/2 control frames, and part headers, as well as a security constraint bypass vulnerability. The update is rated as important by Red Hat Product Security. Users of affected Red Hat Enterprise Linux 8 variants should apply the provided security update to mitigate these issues.

Join the discussion
Red Hat Security Advisory: tomcat9 security updateCVE-2025-48976
0

Red Hat has issued a security advisory for tomcat9 addressing multiple vulnerabilities including denial of service (DoS) issues and a security constraint bypass. The vulnerabilities affect Apache Tomcat and Apache Commons FileUpload components, impacting multipart upload handling, HTTP/2 control frames, and security constraints. The advisory covers Red Hat Enterprise Linux 10 and its extended update support versions. The update is rated as Important by Red Hat Product Security. No CVSS scores are provided in the advisory, but the severity is assessed as high due to the nature of the vulnerabilities.

Join the discussion
Red Hat Security Advisory: tomcat security updateCVE-2025-48976
0

Multiple security vulnerabilities affecting Apache Tomcat and Apache Commons FileUpload components have been identified and addressed in Red Hat Enterprise Linux 9.4 Extended Update Support. These include denial of service (DoS) issues via multipart upload, HTTP/2 control frames, and part headers, as well as a security constraint bypass vulnerability. The update fixes several CVEs related to these issues. Red Hat has released updated packages to remediate these vulnerabilities.

Join the discussion
Red Hat Security Advisory: tomcat security updateCVE-2025-48976
0

Multiple security vulnerabilities affecting Apache Tomcat and Apache Commons FileUpload have been addressed in a Red Hat Enterprise Linux 9 update. These include denial of service (DoS) issues via multipart uploads, HTTP/2 control frames, and part headers, as well as a security constraint bypass vulnerability. The update is rated as important by Red Hat Product Security and fixes several CVEs related to denial of service and security bypass. The advisory provides updated packages for various Red Hat Enterprise Linux 9 variants and architectures.

Join the discussion
Red Hat Security Advisory: tomcat security updateCVE-2025-48976
0

Multiple security vulnerabilities affecting Apache Tomcat and Apache Commons FileUpload have been addressed in a Red Hat security advisory. These include denial of service (DoS) issues via multipart upload, HTTP/2 control frames, and part headers, as well as a security constraint bypass vulnerability. The advisory covers Red Hat Enterprise Linux 8.8 and related update services. A security update is available to remediate these issues.

Join the discussion
Red Hat Security Advisory: tomcat security updateCVE-2025-48976
0

Multiple security vulnerabilities affecting Apache Tomcat and Apache Commons FileUpload have been addressed in a Red Hat Enterprise Linux 9.2 update. These include denial of service (DoS) issues in multipart upload handling, HTTP/2 control frames, and part headers, as well as a security constraint bypass vulnerability. The update is rated as Important by Red Hat Product Security and targets Red Hat Enterprise Linux 9.2 variants. No CVSS scores are provided in the advisory.

Join the discussion
Red Hat Security Advisory: Red Hat JBoss Web Server 5.8.6 release and security updateCVE-2025-31651
0

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.8.6 serves as a replacement for Red Hat JBoss Web Server 5.8.5. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section. Security Fix(es): * [Minor Incident] tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames [jws-5] (CVE-2025-48989) * tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve [jws-5] (CVE-2025-31651) * tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE [jws-5] (CVE-2025-55752) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Join the discussion
Red Hat Security Advisory: Red Hat JBoss Web Server 5.8.6 release and security updateCVE-2025-31651
0

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.8.6 serves as a replacement for Red Hat JBoss Web Server 5.8.5. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes that are linked to in the References section. Security Fix(es): * [Minor Incident] tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames [jws-5] (CVE-2025-48989) * tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve [jws-5] (CVE-2025-31651) * tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE [jws-5] (CVE-2025-55752) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Join the discussion

Showing 1 to 10 of 10 results

Filters:Tag: cve-2025-48989
Page 1 of 1
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses