[CVE-2025-55752] HIGH: Apache Tomcat tomcat-embed-core 10.1.35 - Directory traversal with possible RCE

## Vulnerability Report

| Field | Value |
|-------|-------|
| **CVEs** | `CVE-2025-48988`, `CVE-2025-48989`, `CVE-2025-55752` |
| **Severity** | **HIGH** (3 CVEs) |
| **Library** | `org.apache.tomcat.embed:tomcat-embed-core` |
| **Source** | `workers.jar` |
| **Installed Version** | 10.1.35 |
| **Fixed Version** | 10.1.45+ / 11.0.11+ / 9.0.109+ |

### Summary

Three vulnerabilities in Tomcat embedded core:

1. **CVE-2025-48988** - Apache Tomcat DoS in multipart upload
2. **CVE-2025-48989** - HTTP/2 "MadeYouReset" DoS attack through HTTP/2 control frames
3. **CVE-2025-55752** - Directory traversal via rewrite with possible RCE

### References

- [CVE-2025-48988](https://avd.aquasec.com/nvd/cve-2025-48988)
- [CVE-2025-48989](https://avd.aquasec.com/nvd/cve-2025-48989)
- [CVE-2025-55752](https://avd.aquasec.com/nvd/cve-2025-55752)

---
*Filed from container vulnerability scan of `workers.jar`*

Field	Value
CVEs	`CVE-2025-48988`, `CVE-2025-48989`, `CVE-2025-55752`
Severity	HIGH (3 CVEs)
Library	`org.apache.tomcat.embed:tomcat-embed-core`
Source	`workers.jar`
Installed Version	10.1.35
Fixed Version	10.1.45+ / 11.0.11+ / 9.0.109+

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[CVE-2025-55752] HIGH: Apache Tomcat tomcat-embed-core 10.1.35 - Directory traversal with possible RCE #79

Vulnerability Report

Summary

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[CVE-2025-55752] HIGH: Apache Tomcat tomcat-embed-core 10.1.35 - Directory traversal with possible RCE #79

Description

Vulnerability Report

Summary

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions