CIRT.GY | Apache Tomcat Security Advisory (June 26th, 2025)

Apache Tomcat Security Advisory (June 26th, 2025)

Ref# ADV2025_156 | Date: Jun 26th 2025

Apache has published a security advisory highlighting vulnerabilities in the following products on June 16th, 2025. It is recommended that you take the necessary precautions by ensuring your products are always updated.

Apache Tomcat – versions 11.0.0-M1 to 11.0.7

Apache Tomcat – versions 10.1.0-M1 to 10.1.41

Apache Tomcat – versions 9.0.0.M1 to 9.0.105

For more information on these updates, you can follow this URL:

Apache Security Advisory – [SECURITY] CVE-2025-48988 Apache Tomcat – DoS in multipart upload

The Guyana National CIRT recommends that users and administrators review this update and apply it where necessary.

PDF Download: Apache Tomcat Security Advisory

References

Apache Security Advisory. (June 16th, 2025). Retrieved from Apache Tomcat. https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18

Apache Security Advisory. (June 18th, 2025). Retrieved from Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/apache-tomcat-security-advisory-av25-354