Description

An Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the MadeYouReset attack. This issue affects Apache Tomcat from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43, and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected. Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108, which fix the issue.

PUBLISHED Reserved 2025-05-29 | Published 2025-08-13 | Updated 2025-08-13 | Assigner apache

Problem types

CWE-404 Improper Resource Shutdown or Release

Product status

Default status: unaffected

11.0.0-M1: affected

10.1.0-M1: affected

9.0.0.M1: affected

8.5.0: unknown

Credits

Gal Bar Nahum, Anat Bremler-Barr, and Yaniv Harel of Tel Aviv University (finder)

References

lists.apache.org/thread/9ydfg0xr0tchmglcprhxgwhj0hfwxlyf (vendor-advisory)

cve.org (CVE-2025-48989)

nvd.nist.gov (CVE-2025-48989)
