CVE-2025-48989
BaseFortify

Publication date: 2025-08-13

Last updated on: 2025-11-04

Assigner: Apache Software Foundation

Description
Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the 'made you reset' attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected. Users are recommended to upgrade to one of the versions 11.0.10, 10.1.44 or 9.0.108, which fix the issue.
Meta Information
Published: 2025-08-13
Last Modified: 2025-11-04
Generated: 2026-05-27
AI Q&A: 2025-08-13
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Showing 30 associated CPEs
Vendor Product Version / Range
apache tomcat From 9.0.1 (inc) to 9.0.108 (exc)
apache tomcat From 10.0.0 (inc) to 10.1.44 (exc)
apache tomcat From 11.0.0 (inc) to 11.0.10 (exc)
apache tomcat 9.0.0 (27 CPE entries)
CWE
CWE ID Description
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an Improper Resource Shutdown or Release issue in Apache Tomcat that makes it susceptible to the 'made you reset' attack. It affects multiple versions of Apache Tomcat, allowing improper handling of resources during shutdown or release processes.


How can this vulnerability impact me?

The vulnerability could lead to unexpected resets or disruptions in the Apache Tomcat server's operation, potentially causing service interruptions or instability due to improper resource management.


What immediate steps should I take to mitigate this vulnerability?

Users are recommended to upgrade Apache Tomcat to one of the fixed versions: 11.0.10, 10.1.44, or 9.0.108 to mitigate this vulnerability.

