An update for tomcat is now available for openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2217 Final 1.0 1.0 2025-09-05 Initial 2025-09-05 2025-09-05 openEuler SA Tool V1.0 2025-09-05 tomcat security update An update for tomcat is now available for openEuler-22.03-LTS-SP3 Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fix(es): Apache Tomcat is vulnerable to the made you reset attack due to an Improper Resource Shutdown or Release vulnerability. This issue affects Apache Tomcat versions from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.(CVE-2025-48989) Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.(CVE-2025-55668) An update for tomcat is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High tomcat https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2217 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-48989 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-55668 https://nvd.nist.gov/vuln/detail/CVE-2025-48989 https://nvd.nist.gov/vuln/detail/CVE-2025-55668 openEuler-22.03-LTS-SP3 tomcat-9.0.100-8.oe2203sp3.noarch.rpm tomcat-help-9.0.100-8.oe2203sp3.noarch.rpm tomcat-jsvc-9.0.100-8.oe2203sp3.noarch.rpm tomcat-9.0.100-8.oe2203sp3.src.rpm Apache Tomcat is vulnerable to the made you reset attack due to an Improper Resource Shutdown or Release vulnerability. This issue affects Apache Tomcat versions from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected. 2025-09-05 CVE-2025-48989 openEuler-22.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H tomcat security update 2025-09-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2217 Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. 2025-09-05 CVE-2025-55668 openEuler-22.03-LTS-SP3 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N tomcat security update 2025-09-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2217