Critical Tomcat 10.1.40 update fixes CVE-2025-31651 (CVSS 9.8 RCE) and CVE-2025-31650 (DoS) on SUSE Linux. Patch now to secure enterprise Java web servers.
High-Risk Vulnerabilities Threaten SUSE Linux Systems – Immediate Action Required
Why This Update Matters
The newly released Tomcat 10.1.40 patch addresses two severe vulnerabilities (CVSS scores up to 9.8) affecting SUSE Linux Enterprise Server, openSUSE Leap, and related distributions. Enterprises relying on Apache Tomcat for Java web applications must prioritize this update to prevent remote code execution (RCE) and denial-of-service (DoS) attacks.
Vulnerability Details
CVE-2025-31650 (CVSS 8.7)
Impact: Invalid HTTP/2 priority field handling could crash servers (DoS).
Risk: Exploitable remotely without authentication (AV:N/PR:N).
Affected: All Tomcat 10.x deployments on SUSE 15 SP5/SP6.
CVE-2025-31651 (CVSS 9.8)
Impact: Malicious URL parsing bypass (via the ; and ? characters) enabling RCE.
Risk: NVD rates this as CRITICAL due to full system compromise potential.
Solution: Update to Tomcat 10.1.40 immediately.
Affected Products
SUSE Linux Enterprise Server 15 SP5/SP6
SUSE Linux Enterprise High Performance Computing
openSUSE Leap 15.6
Web and Scripting Module 15-SP6
(Full list in SUSE’s advisory)
How to Patch
Recommended Methods
YaST Online Update: Automated patch deployment for enterprise environments.
Zypper CLI: Run the exact command for your OS:
# openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-1537=1
(See full patch instructions for other distributions.)
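A small verification script to go with the patch step above. It is an added example, not part of SUSE's advisory or the Tomcat project: it compares the installed Tomcat package version against the fixed release 10.1.40 so you can confirm the patch actually landed on each host. It assumes the SUSE package is named tomcat10 (an assumption; adjust the name for your distribution).

```shell
#!/bin/sh
# Added example: is the installed Tomcat older than the fixed 10.1.40 release?

FIXED_VERSION="10.1.40"    # first release carrying the fixes per the advisory
PKG_NAME="tomcat10"        # assumed SUSE package name; adjust if different

# version_lt A B -> exit 0 when dotted version A is strictly older than B.
# Missing trailing components count as 0, so "10.1" < "10.1.40".
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1   # equal versions are not "older"
    }'
}

# tomcat_needs_update VERSION -> exit 0 when VERSION predates the fixed release.
# A trailing RPM release suffix ("10.1.39-150200.1.1") is ignored.
tomcat_needs_update() {
    v=${1%%-*}
    version_lt "$v" "$FIXED_VERSION"
}

# check_host: query rpm on a SUSE system and report the result.
check_host() {
    installed=$(rpm -q --qf '%{VERSION}\n' "$PKG_NAME" 2>/dev/null) || {
        echo "$PKG_NAME is not installed (rpm query failed)"; return 2; }
    if tomcat_needs_update "$installed"; then
        echo "VULNERABLE: $PKG_NAME $installed < $FIXED_VERSION, apply the patch"
        return 1
    fi
    echo "OK: $PKG_NAME $installed >= $FIXED_VERSION"
}

# Run the live check only when invoked as: sh tomcat-check.sh --host
case "${1:-}" in --host) check_host ;; esac
```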
FAQ
Q: Is this update relevant for cloud deployments?
A: Yes—AWS, Azure, and GCP instances running SUSE Linux must patch.
Q: Are there workarounds if I can’t update immediately?
A: No. CVSS 9.8 vulnerabilities require urgent patching.
