Key Issues Resolved in SUSE tomcat9 - Update SUSE-SU-2026-22001-5

suse
April 9, 2026
This update for tomcat10 addresses six important issues, enhancing the overall security of SUSE Linux Enterprise. Install now!
An update that solves six vulnerabilities and has one fix can now be installed.

Summary

This update for tomcat10 fixes the following issues:

Update to Tomcat 10.1.52:

* CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753).

* CVE-2025-55754: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905).

* CVE-2025-61795: temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756).

* CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371).

* CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385).

* CVE-2026-24734: certificate revocation bypass due to incomplete OCSP verification checks (bsc#1258387).

Changelog:

References

* bsc#1252753

* bsc#1252756

* bsc#1252905

* bsc#1253460

* bsc#1258371

* bsc#1258385

* bsc#1258387

Cross-

* CVE-2025-55752

* CVE-2025-55754

* CVE-2025-61795

* CVE-2025-66614

* CVE-2026-24733

* CVE-2026-24734

CVSS scores:

* CVE-2025-55752 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-55752 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-55752 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-55754 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2025-55754 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

* CVE-2025-55754 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

* CVE-2025-61795 ( SUSE ): 6.0

Severity
important

Announcement ID: SUSE-SU-2026:20982-1
Release Date: 2026-03-30T08:14:01Z
Rating: important
