CVE-2025-48989
Essential information
- Published
- 13/08/2025 13:15
- Modified
- 13/08/2025 20:15
- Author
- —
- Creator
- —
- CVSS
- 7.5 HIGH (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H—
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Privileges required
- NONE
- User interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality impact
- NONE
- Integrity impact
- NONE
- Availability impact
- HIGH
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.
Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.
NVD status
- Status
- Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| apache / tomcat | cpe:2.3:a:apache:tomcat:11.0.0-M1-11.0.9:*:*:*:*:*:*:* |
| apache / tomcat | cpe:2.3:a:apache:tomcat:10.1.0-M1-10.1.43:*:*:*:*:*:*:* |
| apache / tomcat | cpe:2.3:a:apache:tomcat:9.0.0.M1-9.0.107:*:*:*:*:*:*:* |
| apache / tomcat | cpe:2.3:a:apache:tomcat:11.0.10:*:*:*:*:*:*:* |
| apache / tomcat | cpe:2.3:a:apache:tomcat:10.1.44:*:*:*:*:*:*:* |
| apache / tomcat | cpe:2.3:a:apache:tomcat:9.0.108:*:*:*:*:*:*:* |