Search for vulnerabilities
Vulnerability details: VCID-rmr5-vpa4-9kgw
Vulnerability ID VCID-rmr5-vpa4-9kgw
Aliases CVE-2025-48988
GHSA-h3gc-qfqq-6h8f
Summary multiple issues
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-770 Allocation of Resources Without Limits or Throttling
System Score Found at
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48988.json
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2025-48988
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2025-48988
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2025-48988
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2025-48988
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2025-48988
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2025-48988
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2025-48988
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2025-48988
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2025-48988
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2025-48988
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2025-48988
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2025-48988
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48988
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-h3gc-qfqq-6h8f
cvssv3.1 7.5 https://github.com/apache/tomcat
generic_textual HIGH https://github.com/apache/tomcat
cvssv3.1 7.5 https://github.com/apache/tomcat/commit/2b0ab14fb55d4edc896e5f1817f2ab76f714ae5e
generic_textual HIGH https://github.com/apache/tomcat/commit/2b0ab14fb55d4edc896e5f1817f2ab76f714ae5e
cvssv3.1 7.5 https://github.com/apache/tomcat/commit/cdde8e655bc1c5c60a07efd216251d77c52fd7f6
generic_textual HIGH https://github.com/apache/tomcat/commit/cdde8e655bc1c5c60a07efd216251d77c52fd7f6
cvssv3.1 7.5 https://github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910
generic_textual HIGH https://github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910
cvssv3.1 7.5 https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18
generic_textual HIGH https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18
ssvc Track https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2025-48988
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2025-48988
archlinux High https://security.archlinux.org/AVG-2888
archlinux High https://security.archlinux.org/AVG-2889
cvssv3.1 7.5 https://tomcat.apache.org/security-10.html
generic_textual HIGH https://tomcat.apache.org/security-10.html
cvssv3.1 7.5 https://tomcat.apache.org/security-11.html
generic_textual HIGH https://tomcat.apache.org/security-11.html
cvssv3.1 7.5 https://tomcat.apache.org/security-9.html
generic_textual HIGH https://tomcat.apache.org/security-9.html
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2025/06/16/1
generic_textual HIGH http://www.openwall.com/lists/oss-security/2025/06/16/1
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48988.json
https://api.first.org/data/v1/epss?cve=CVE-2025-48988
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/apache/tomcat
https://github.com/apache/tomcat/commit/2b0ab14fb55d4edc896e5f1817f2ab76f714ae5e
https://github.com/apache/tomcat/commit/cdde8e655bc1c5c60a07efd216251d77c52fd7f6
https://github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910
https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18
https://nvd.nist.gov/vuln/detail/CVE-2025-48988
https://tomcat.apache.org/security-10.html
https://tomcat.apache.org/security-11.html
https://tomcat.apache.org/security-9.html
http://www.openwall.com/lists/oss-security/2025/06/16/1
1108116 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108116
2373015 https://bugzilla.redhat.com/show_bug.cgi?id=2373015
AVG-2888 https://security.archlinux.org/AVG-2888
AVG-2889 https://security.archlinux.org/AVG-2889
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
CVE-2025-48988 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48988
GHSA-h3gc-qfqq-6h8f https://github.com/advisories/GHSA-h3gc-qfqq-6h8f
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-48988.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/2b0ab14fb55d4edc896e5f1817f2ab76f714ae5e
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/cdde8e655bc1c5c60a07efd216251d77c52fd7f6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-17T18:20:54Z/ Found at https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2025-48988
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://tomcat.apache.org/security-10.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://tomcat.apache.org/security-11.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://tomcat.apache.org/security-9.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2025/06/16/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.15821
EPSS Score 0.00051
Published At July 16, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T11:52:37.398061+00:00 Arch Linux Importer Import https://security.archlinux.org/AVG-2889 36.1.3