RHSA-2025:14177
- Source
- https://access.redhat.com/errata/RHSA-2025:14177
- Import Source
- https://security.access.redhat.com/data/osv/RHSA-2025:14177.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/RHSA-2025:14177
- Upstream
- Published
- 2025-08-21T10:03:54Z
- Modified
- 2025-08-21T11:02:19.266128Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Red Hat Security Advisory: tomcat security update
- Details
- References
-
- https://access.redhat.com/errata/RHSA-2025:14177
- https://access.redhat.com/security/updates/classification/#important
- https://bugzilla.redhat.com/show_bug.cgi?id=2373015
- https://bugzilla.redhat.com/show_bug.cgi?id=2373018
- https://bugzilla.redhat.com/show_bug.cgi?id=2373020
- https://bugzilla.redhat.com/show_bug.cgi?id=2373309
- https://bugzilla.redhat.com/show_bug.cgi?id=2379374
- https://bugzilla.redhat.com/show_bug.cgi?id=2379382
- https://bugzilla.redhat.com/show_bug.cgi?id=2379386
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14177.json
- https://access.redhat.com/security/cve/CVE-2025-48976
- https://www.cve.org/CVERecord?id=CVE-2025-48976
- https://nvd.nist.gov/vuln/detail/CVE-2025-48976
- https://lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45pqtso12
- https://access.redhat.com/security/cve/CVE-2025-48988
- https://www.cve.org/CVERecord?id=CVE-2025-48988
- https://nvd.nist.gov/vuln/detail/CVE-2025-48988
- https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18
- https://access.redhat.com/security/cve/CVE-2025-48989
- https://www.cve.org/CVERecord?id=CVE-2025-48989
- https://nvd.nist.gov/vuln/detail/CVE-2025-48989
- https://kb.cert.org/vuls/id/767506
- https://access.redhat.com/security/cve/CVE-2025-49125
- https://www.cve.org/CVERecord?id=CVE-2025-49125
- https://nvd.nist.gov/vuln/detail/CVE-2025-49125
- https://lists.apache.org/thread/m66cytbfrty9k7dc4cg6tl1czhsnbywk
- https://access.redhat.com/security/cve/CVE-2025-52434
- https://www.cve.org/CVERecord?id=CVE-2025-52434
- https://nvd.nist.gov/vuln/detail/CVE-2025-52434
- https://lists.apache.org/thread/gxgh65004f25y8519coth6w7vchww030
- https://access.redhat.com/security/cve/CVE-2025-52520
- https://www.cve.org/CVERecord?id=CVE-2025-52520
- https://nvd.nist.gov/vuln/detail/CVE-2025-52520
- https://lists.apache.org/thread/trqq01bbxw6c92zx69kx2mw2qgmfy0o5
- https://access.redhat.com/security/cve/CVE-2025-53506
- https://www.cve.org/CVERecord?id=CVE-2025-53506
- https://nvd.nist.gov/vuln/detail/CVE-2025-53506
- https://lists.apache.org/thread/p09775q0rd185m6zz98krg0fp45j8kr0
Affected packages
Red Hat:enterprise_linux:8::appstream / tomcat
Package
- Name
- tomcat
- Purl
- pkg:rpm/redhat/tomcat
Red Hat:enterprise_linux:8::appstream / tomcat-admin-webapps
Package
- Name
- tomcat-admin-webapps
- Purl
- pkg:rpm/redhat/tomcat-admin-webapps
Red Hat:enterprise_linux:8::appstream / tomcat-docs-webapp
Package
- Name
- tomcat-docs-webapp
- Purl
- pkg:rpm/redhat/tomcat-docs-webapp
Red Hat:enterprise_linux:8::appstream / tomcat-el-3.0-api
Package
- Name
- tomcat-el-3.0-api
- Purl
- pkg:rpm/redhat/tomcat-el-3.0-api
Red Hat:enterprise_linux:8::appstream / tomcat-jsp-2.3-api
Package
- Name
- tomcat-jsp-2.3-api
- Purl
- pkg:rpm/redhat/tomcat-jsp-2.3-api
Red Hat:enterprise_linux:8::appstream / tomcat-lib
Package
- Name
- tomcat-lib
- Purl
- pkg:rpm/redhat/tomcat-lib
Red Hat:enterprise_linux:8::appstream / tomcat-servlet-4.0-api
Package
- Name
- tomcat-servlet-4.0-api
- Purl
- pkg:rpm/redhat/tomcat-servlet-4.0-api