PT-2025-32983 · Apache +4 · Apache Tomcat +4

Anat Bremler-Barr +2 · Published 2025-05-29 · Updated 2025-09-03 · CVE-2025-48989

CVSS v2.0: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions:

Apache Tomcat versions 11.0.0-M1 through 11.0.9

Apache Tomcat versions 10.1.0-M1 through 10.1.43

Apache Tomcat versions 9.0.0.M1 through 9.0.107

Description:

A flaw in resource shutdown or release in Apache Tomcat makes it vulnerable to the “Made You Reset” attack. Older, end-of-life versions may also be affected.

Recommendations:

Upgrade to Apache Tomcat version 11.0.10.

Upgrade to Apache Tomcat version 10.1.44.

Upgrade to Apache Tomcat version 9.0.108.

Fix

DoS

Weakness Enumeration

Improper Resource Release

Related Identifiers

ALSA-2025:14177
ALSA-2025:14178
ALSA-2025:14181
BDU:2025-09899
BIT-TOMCAT-2025-48989
CESA-2025_14177
CVE-2025-48989
GHSA-GQP3-2CVR-X8M3
MGASA-2025-0223
RHSA-2025:13685
RHSA-2025_14177
RHSA-2025_14181
SUSE-SU-2025:02992-1
SUSE-SU-2025:03006-1

Affected Products

Almalinux
Apache Tomcat
Centos
Debian
Red Hat