CVE-2025-48989

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-48989

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48989.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-48989

Aliases

Downstream

DEBIAN-CVE-2025-48989

MINI-2vgr-4mc5-9rm6

MINI-57p2-xf59-5hqq

MINI-6qhh-cpp9-g22h

MINI-6v9j-jv3w-vmwm

MINI-f353-p788-rrc3

MINI-vrx7-2837-8qw4

OESA-2025-2243

RHSA-2025:13685

RHSA-2025:14177

RHSA-2025:14178

RHSA-2025:14179

RHSA-2025:14180

RHSA-2025:14181

RHSA-2025:14182

RHSA-2025:14183

RLSA-2025:14177

RLSA-2025:14178

RLSA-2025:14179

RLSA-2025:14181

SUSE-SU-2025:02992-1

SUSE-SU-2025:03006-1

UBUNTU-CVE-2025-48989

Related

Published

2025-08-13T13:15:34Z

Modified

2025-10-21T02:37:02Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.

Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.

References

https://lists.apache.org/thread/9ydfg0xr0tchmglcprhxgwhj0hfwxlyf

Affected packages

Git / github.com/apache/tomcat

Affected ranges

Type: GIT
Repo: https://github.com/apache/tomcat
Events: Introduced

3c78e95e36268dfb76db1570f0cf49104fa6eabc

Fixed

c63765c906c86af8afa43281f591d11ac5c9e5c1