
SUSE: Tomcat Important Security Update DoS Fixes 2025:03024-1

suse
August 29, 2025
The SUSE Tomcat essential patch addresses critical flaws, notably Denial of Service vulnerabilities. Prompt action is required to protect your infrastructure.
* bsc#1243895 * bsc#1246318 * bsc#1246388 * bsc#1246389

Summary

This update for tomcat fixes the following issues:

Updated to 9.0.108:

* CVE-2025-52520: Fixed an integer overflow that can lead to DoS for some unlikely configurations of multipart upload (bsc#1246388)
* CVE-2025-53506: Fixed an uncontrolled resource consumption vulnerability involving HTTP/2 clients (bsc#1246318)
* CVE-2025-52434: Fixed a race condition on connection close when using the APR/Native connector, leading to a JVM crash (bsc#1246389)
* CVE-2025-48989: Fixed the "MadeYouReset" DoS in HTTP/2 due to client-triggered stream reset (bsc#1243895)

Other:

* Correct a regression in the fix for CVE-2025-49125 that prevented access to PreResources and PostResources when mounted below the web application root with a path that was terminated with a file separator.

## Patch Instructions:

References

* bsc#1243895

* bsc#1246318

* bsc#1246388

* bsc#1246389

Cross-

* CVE-2025-48989

* CVE-2025-49125

* CVE-2025-52434

* CVE-2025-52520

* CVE-2025-53506

CVSS scores:

* CVE-2025-48989 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-48989 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-48989 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-49125 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2025-49125 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2025-49125 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2025-52434 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Severity
important

Announcement ID: SUSE-SU-2025:03024-1
Release Date: 2025-08-29T12:42:03Z
Rating: important
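
An added example (not part of the SUSE advisory or of Tomcat itself): a `server.xml` check that reports which of the connector-related CVEs in the summary have their precondition enabled on a Tomcat older than 9.0.108. The function names, the constructed sample configuration and the caller-supplied version string are assumptions; CVE-2025-52520 depends on application multipart settings and is not covered.

```python
import xml.etree.ElementTree as ET

FIXED = (9, 0, 108)  # version the advisory says the update moves to
H2 = "org.apache.coyote.http2.Http2Protocol"        # HTTP/2 upgrade handler
APR = "org.apache.coyote.http11.Http11AprProtocol"  # explicit APR/Native connector


def parse_version(text):
    """'9.0.107' -> (9, 0, 107); a package release suffix after '-' is ignored."""
    return tuple(int(part) for part in text.split("-")[0].split("."))


def audit(server_xml, version):
    """Map each advisory CVE to the connector ports where its precondition is set.

    Returns {} when the version is already at or above 9.0.108.
    Only an explicit APR protocol class is detected; a connector that ends up
    on APR through Tomcat's auto-selection is not.
    """
    if parse_version(version) >= FIXED:
        return {}
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        if any(u.get("className") == H2 for u in conn.iter("UpgradeProtocol")):
            # Both HTTP/2 issues apply wherever the upgrade protocol is enabled.
            findings.setdefault("CVE-2025-48989", []).append(port)
            findings.setdefault("CVE-2025-53506", []).append(port)
        if conn.get("protocol") == APR:
            findings.setdefault("CVE-2025-52434", []).append(port)
    return findings


# Constructed sample configuration, not taken from any real host.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
  </Connector>
  <Connector port="8444" protocol="org.apache.coyote.http11.Http11AprProtocol"/>
</Service></Server>"""

if __name__ == "__main__":
    for cve, ports in sorted(audit(SAMPLE, "9.0.107").items()):
        print(cve, "precondition present on port(s):", ", ".join(ports))
```

An empty result for an unpatched version means only that no HTTP/2 or explicit APR connector was found in the file; the update is still required.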
