PT-2025-32983 · Apache+10 · Apache Tomcat+11

Anat Bremler-Barr

Published

2025-05-29

Updated

2026-06-02

CVE-2025-48989

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 11.0.0-M1 through 11.0.9 Apache Tomcat versions 10.1.0-M1 through 10.1.43 Apache Tomcat versions 9.0.0.M1 through 9.0.107

Description: A flaw in resource shutdown or release within Apache Tomcat creates a vulnerability to the “Made You Reset” attack. Older, end-of-life versions may also be affected.

Recommendations: Upgrade to Apache Tomcat version 11.0.10. Upgrade to Apache Tomcat version 10.1.44. Upgrade to Apache Tomcat version 9.0.108.

Fix

DoS

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

ALSA-2025:14177

ALSA-2025:14178

ALSA-2025:14181

ALT-PU-2025-12367

ALT-PU-2025-12369

BDU:2025-09899

BIT-TOMCAT-2025-48989

CESA-2025_14177

CVE-2025-48989

GHSA-GQP3-2CVR-X8M3

INFSA-2025_14177

INFSA-2025_14181

MGASA-2025-0223

OESA-2025-2243

OPENSUSE-SU-2025:15488-1

OPENSUSE-SU-2025:15489-1

OPENSUSE-SU-2025:15490-1

RHSA-2025:13685

RHSA-2025:14177

RHSA-2025:14178

RHSA-2025:14179

RHSA-2025:14180

RHSA-2025:14181

RHSA-2025:14182

RHSA-2025:14183

RHSA-2025_14177

RHSA-2025_14181

SUSE-SU-2025:02992-1

SUSE-SU-2025:03006-1

SUSE-SU-2025:03024-1

SUSE-SU-2025_02992-1

SUSE-SU-2025_03006-1

SUSE-SU-2025_03024-1

SUSE-SU-2026:1058-1

Affected Products

Alt Linux

Almalinux

Apache Tomcat

Astra Linux

Bamboo

Bitbucket

Centos

Debian

Red Hat

Red Os

Rocky Linux

Suse

PT-2025-32983 · Apache+10 · Apache Tomcat+11

CVE-2025-48989

Weakness Enumeration

Related Identifiers

Affected Products

References · 145