CVE-2025-48988: 
Java vulnerability analysis and mitigation

A resource allocation vulnerability (CVE-2025-48988) was identified in Apache Tomcat, affecting versions from 11.0.0-M1 through 11.0.7, 10.1.0-M1 through 10.1.41, and 9.0.0.M1 through 9.0.105. The vulnerability was discovered by the TERASOLUNA Framework Security Team of NTT DATA Group Corporation and publicly disclosed on June 16, 2025 (OSS Security).

The vulnerability is classified as an Allocation of Resources Without Limits or Throttling issue (CWE-770). According to the CVSS 3.1 scoring by CISA-ADP, it received a High severity base score of 7.5 with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD Database).

The vulnerability primarily affects the availability of the system, as indicated by the CVSS scoring which shows high impact on availability (A:H) but no impact on confidentiality or integrity. This suggests the vulnerability could be exploited to cause denial-of-service conditions (NVD Database).

Users are recommended to upgrade to the fixed versions: Apache Tomcat 11.0.8, 10.1.42, or 9.0.106, which contain patches for this vulnerability (Apache Advisory).