Security update for tomcat SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02280-1 Final 1 1 2025-07-10T16:04:29Z current 2025-07-10T16:04:29Z 2025-07-10T16:04:29Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for tomcat This update for tomcat fixes the following issues: - CVE-2025-46701: Fixed refactor CGI servlet to access resources via WebResources (bsc#1243815). - CVE-2025-48988: Fixed limits the total number of parts in a multi-part request and limits the size of the headers provided with each part (bsc#1244656). - CVE-2025-49125: Fixed expand checks for webAppMount (bsc#1244649). Other bugfixes: - Made permissions more secure (bsc#1242722) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-2280,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-2280,SUSE-SLE-Module-Web-Scripting-15-SP7-2025-2280,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2280,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-2280,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-2280,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2280,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2280,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2280,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-2280,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2280,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2280,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-2280,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2280,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-2280,SUSE-Storage-7.1-2025-2280,openSUSE-SLE-15.6-2025-2280 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502280-1/ Link for SUSE-SU-2025:02280-1 https://lists.suse.com/pipermail/sle-updates/2025-July/040680.html E-Mail link for SUSE-SU-2025:02280-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1242722 SUSE Bug 1242722 https://bugzilla.suse.com/1243815 SUSE Bug 1243815 https://bugzilla.suse.com/1244649 SUSE Bug 1244649 https://bugzilla.suse.com/1244656 SUSE Bug 1244656 https://www.suse.com/security/cve/CVE-2025-46701/ SUSE CVE CVE-2025-46701 page https://www.suse.com/security/cve/CVE-2025-48988/ SUSE CVE CVE-2025-48988 page https://www.suse.com/security/cve/CVE-2025-49125/ SUSE CVE CVE-2025-49125 page SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Module for Web and Scripting 15 SP6 SUSE Linux Enterprise Module for Web and Scripting 15 SP7 SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Manager Server 4.3 openSUSE Leap 15.6 tomcat-9.0.106-150200.86.1 tomcat-admin-webapps-9.0.106-150200.86.1 tomcat-docs-webapp-9.0.106-150200.86.1 tomcat-el-3_0-api-9.0.106-150200.86.1 tomcat-embed-9.0.106-150200.86.1 tomcat-javadoc-9.0.106-150200.86.1 tomcat-jsp-2_3-api-9.0.106-150200.86.1 tomcat-jsvc-9.0.106-150200.86.1 tomcat-lib-9.0.106-150200.86.1 tomcat-servlet-4_0-api-9.0.106-150200.86.1 tomcat-webapps-9.0.106-150200.86.1 tomcat-9.0.106-150200.86.1 as a component of SUSE Enterprise Storage 7.1 tomcat-admin-webapps-9.0.106-150200.86.1 as a component of SUSE Enterprise Storage 7.1 tomcat-el-3_0-api-9.0.106-150200.86.1 as a component of SUSE Enterprise Storage 7.1 tomcat-jsp-2_3-api-9.0.106-150200.86.1 as a component of SUSE Enterprise Storage 7.1 tomcat-lib-9.0.106-150200.86.1 as a component of SUSE Enterprise Storage 7.1 tomcat-servlet-4_0-api-9.0.106-150200.86.1 as a component of SUSE Enterprise Storage 7.1 tomcat-webapps-9.0.106-150200.86.1 as a component of SUSE Enterprise Storage 7.1 tomcat-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS tomcat-admin-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS tomcat-el-3_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS tomcat-jsp-2_3-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS tomcat-lib-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS tomcat-servlet-4_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS tomcat-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS tomcat-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS tomcat-admin-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS tomcat-el-3_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS tomcat-jsp-2_3-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS tomcat-lib-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS tomcat-servlet-4_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS tomcat-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS tomcat-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS tomcat-admin-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS tomcat-el-3_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS tomcat-jsp-2_3-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS tomcat-lib-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS tomcat-servlet-4_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS tomcat-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS tomcat-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS tomcat-admin-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS tomcat-el-3_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS tomcat-jsp-2_3-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS tomcat-lib-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS tomcat-servlet-4_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS tomcat-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS tomcat-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS tomcat-admin-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS tomcat-el-3_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS tomcat-jsp-2_3-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS tomcat-lib-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS tomcat-servlet-4_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS tomcat-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS tomcat-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6 tomcat-admin-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6 tomcat-el-3_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6 tomcat-jsp-2_3-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6 tomcat-lib-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6 tomcat-servlet-4_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6 tomcat-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6 tomcat-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7 tomcat-admin-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7 tomcat-el-3_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7 tomcat-jsp-2_3-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7 tomcat-lib-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7 tomcat-servlet-4_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7 tomcat-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP7 tomcat-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS tomcat-admin-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS tomcat-el-3_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS tomcat-jsp-2_3-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS tomcat-lib-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS tomcat-servlet-4_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS tomcat-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS tomcat-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS tomcat-admin-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS tomcat-el-3_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS tomcat-jsp-2_3-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS tomcat-lib-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS tomcat-servlet-4_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS tomcat-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS tomcat-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS tomcat-admin-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS tomcat-el-3_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS tomcat-jsp-2_3-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS tomcat-lib-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS tomcat-servlet-4_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS tomcat-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS tomcat-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 tomcat-admin-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 tomcat-el-3_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 tomcat-jsp-2_3-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 tomcat-lib-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 tomcat-servlet-4_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 tomcat-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 tomcat-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 tomcat-admin-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 tomcat-el-3_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 tomcat-jsp-2_3-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 tomcat-lib-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 tomcat-servlet-4_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 tomcat-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 tomcat-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 tomcat-admin-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 tomcat-el-3_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 tomcat-jsp-2_3-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 tomcat-lib-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 tomcat-servlet-4_0-api-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 tomcat-webapps-9.0.106-150200.86.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 tomcat-9.0.106-150200.86.1 as a component of SUSE Manager Server 4.3 tomcat-admin-webapps-9.0.106-150200.86.1 as a component of SUSE Manager Server 4.3 tomcat-el-3_0-api-9.0.106-150200.86.1 as a component of SUSE Manager Server 4.3 tomcat-jsp-2_3-api-9.0.106-150200.86.1 as a component of SUSE Manager Server 4.3 tomcat-lib-9.0.106-150200.86.1 as a component of SUSE Manager Server 4.3 tomcat-servlet-4_0-api-9.0.106-150200.86.1 as a component of SUSE Manager Server 4.3 tomcat-webapps-9.0.106-150200.86.1 as a component of SUSE Manager Server 4.3 tomcat-9.0.106-150200.86.1 as a component of openSUSE Leap 15.6 tomcat-admin-webapps-9.0.106-150200.86.1 as a component of openSUSE Leap 15.6 tomcat-docs-webapp-9.0.106-150200.86.1 as a component of openSUSE Leap 15.6 tomcat-el-3_0-api-9.0.106-150200.86.1 as a component of openSUSE Leap 15.6 tomcat-embed-9.0.106-150200.86.1 as a component of openSUSE Leap 15.6 tomcat-javadoc-9.0.106-150200.86.1 as a component of openSUSE Leap 15.6 tomcat-jsp-2_3-api-9.0.106-150200.86.1 as a component of openSUSE Leap 15.6 tomcat-jsvc-9.0.106-150200.86.1 as a component of openSUSE Leap 15.6 tomcat-lib-9.0.106-150200.86.1 as a component of openSUSE Leap 15.6 tomcat-servlet-4_0-api-9.0.106-150200.86.1 as a component of openSUSE Leap 15.6 tomcat-webapps-9.0.106-150200.86.1 as a component of openSUSE Leap 15.6 Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104. Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue. CVE-2025-46701 SUSE Enterprise Storage 7.1:tomcat-9.0.106-150200.86.1 SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Enterprise Storage 7.1:tomcat-lib-9.0.106-150200.86.1 SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.106-150200.86.1 SUSE Manager Server 4.3:tomcat-9.0.106-150200.86.1 SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Manager Server 4.3:tomcat-lib-9.0.106-150200.86.1 SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Manager Server 4.3:tomcat-webapps-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-admin-webapps-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-docs-webapp-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-embed-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-javadoc-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-jsvc-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-lib-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-webapps-9.0.106-150200.86.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502280-1/ https://www.suse.com/security/cve/CVE-2025-46701.html CVE-2025-46701 https://bugzilla.suse.com/1243815 SUSE Bug 1243815 Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. CVE-2025-48988 SUSE Enterprise Storage 7.1:tomcat-9.0.106-150200.86.1 SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Enterprise Storage 7.1:tomcat-lib-9.0.106-150200.86.1 SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.106-150200.86.1 SUSE Manager Server 4.3:tomcat-9.0.106-150200.86.1 SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Manager Server 4.3:tomcat-lib-9.0.106-150200.86.1 SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Manager Server 4.3:tomcat-webapps-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-admin-webapps-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-docs-webapp-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-embed-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-javadoc-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-jsvc-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-lib-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-webapps-9.0.106-150200.86.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502280-1/ https://www.suse.com/security/cve/CVE-2025-48988.html CVE-2025-48988 https://bugzilla.suse.com/1244656 SUSE Bug 1244656 Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. CVE-2025-49125 SUSE Enterprise Storage 7.1:tomcat-9.0.106-150200.86.1 SUSE Enterprise Storage 7.1:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Enterprise Storage 7.1:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Enterprise Storage 7.1:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Enterprise Storage 7.1:tomcat-lib-9.0.106-150200.86.1 SUSE Enterprise Storage 7.1:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Enterprise Storage 7.1:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP7:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP3-LTSS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP4-LTSS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server 15 SP5-LTSS:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:tomcat-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-lib-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:tomcat-webapps-9.0.106-150200.86.1 SUSE Manager Server 4.3:tomcat-9.0.106-150200.86.1 SUSE Manager Server 4.3:tomcat-admin-webapps-9.0.106-150200.86.1 SUSE Manager Server 4.3:tomcat-el-3_0-api-9.0.106-150200.86.1 SUSE Manager Server 4.3:tomcat-jsp-2_3-api-9.0.106-150200.86.1 SUSE Manager Server 4.3:tomcat-lib-9.0.106-150200.86.1 SUSE Manager Server 4.3:tomcat-servlet-4_0-api-9.0.106-150200.86.1 SUSE Manager Server 4.3:tomcat-webapps-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-admin-webapps-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-docs-webapp-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-el-3_0-api-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-embed-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-javadoc-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-jsp-2_3-api-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-jsvc-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-lib-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-servlet-4_0-api-9.0.106-150200.86.1 openSUSE Leap 15.6:tomcat-webapps-9.0.106-150200.86.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502280-1/ https://www.suse.com/security/cve/CVE-2025-49125.html CVE-2025-49125 https://bugzilla.suse.com/1244649 SUSE Bug 1244649