Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: tomcat11 Important DoS Flaws ADVISORY 2025:02979-1 CVE-2025-49125

suse
Calendar Grey August 25, 2025
Dist Suse Esm H88
SUSE has issued a vital notice regarding tomcat11, targeting severe vulnerabilities that compromise its infrastructure. Update your systems immediately.
* bsc#1246318 * bsc#1246388 Cross-References: * CVE-2025-49125

Summary

## This update for tomcat11 fixes the following issues: Updated to Tomcat 11.0.9 \- CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configurations of multipart upload (bsc#1246388) \- CVE-2025-53506: Fixed uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318) Other: \- Correct a regression in the fix for CVE-2025-49125 that prevented access to PreResources and PostResources when mounted below the web application root with a path that was terminated with a file separator. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2025-2979=1 openSUSE-SLE-15.6-2025-2979=1

Topics%20covered

Topics Covered

security advisory update DoS important OpenSUSE tomcat11

References

* bsc#1246318

* bsc#1246388

Cross-

* CVE-2025-49125

* CVE-2025-52520

* CVE-2025-53506

CVSS scores:

* CVE-2025-49125 ( SUSE ): 9.1

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2025-49125 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2025-49125 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2025-52520 ( SUSE ): 8.2

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-52520 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-52520 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-53506 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

* CVE-2025-53506 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:02979-1
Release Date: 2025-08-25T13:46:33Z
Rating: important

Topics%20covered

Topics Covered

security advisory update DoS important OpenSUSE tomcat11

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here