Apache Tomcat: Unauthenticated Data Exposure Through Unvalidated Input
ROOT-APP-MAVEN-CVE-2025-48988
Summary
Apache Tomcat's catalina package has a security issue that could allow an attacker to access sensitive data without being authenticated. This could lead to unauthorized access to your website or application. Update to a patched version of the package to fix the issue.
What to do
- Update io.root.org.apache.tomcat:tomcat-catalina to version 10.1.13-root.io.9.
- Update io.root.org.apache.tomcat:tomcat-catalina to version 11.0.6-root.io.4.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | io.root.org.apache.tomcat:tomcat-catalina | <= 10.1.13-root.io.9 | 10.1.13-root.io.9 |
| – | io.root.org.apache.tomcat:tomcat-catalina | <= 11.0.6-root.io.4 | 11.0.6-root.io.4 |
Original title
CVE-2025-48988 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root
Original description
Root has patched CVE-2025-48988 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available.
Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 7 Apr 2026