CVE-2025-48989

EPSS 0.98%
Veröffentlicht 13.08.2025 12:11:26
Zuletzt bearbeitet 12.05.2026 13:17:20
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Apache Tomcat: h2 DoS - Made You Reset

Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.

Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

NVD 30 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Tomcat Version >= 9.0.1 < 9.0.108

Apache ≫ Tomcat Version >= 10.0.0 < 10.1.44

Apache ≫ Tomcat Version >= 11.0.0 < 11.0.10

Apache ≫ Tomcat Version9.0.0 Updatemilestone1

Apache ≫ Tomcat Version9.0.0 Updatemilestone10

Apache ≫ Tomcat Version9.0.0 Updatemilestone11

Apache ≫ Tomcat Version9.0.0 Updatemilestone12

Apache ≫ Tomcat Version9.0.0 Updatemilestone13

Apache ≫ Tomcat Version9.0.0 Updatemilestone14

Apache ≫ Tomcat Version9.0.0 Updatemilestone15

Apache ≫ Tomcat Version9.0.0 Updatemilestone16

Apache ≫ Tomcat Version9.0.0 Updatemilestone17

Apache ≫ Tomcat Version9.0.0 Updatemilestone18

Apache ≫ Tomcat Version9.0.0 Updatemilestone19

Apache ≫ Tomcat Version9.0.0 Updatemilestone2

Apache ≫ Tomcat Version9.0.0 Updatemilestone20

Apache ≫ Tomcat Version9.0.0 Updatemilestone21

Apache ≫ Tomcat Version9.0.0 Updatemilestone22

Apache ≫ Tomcat Version9.0.0 Updatemilestone23

Apache ≫ Tomcat Version9.0.0 Updatemilestone24

Apache ≫ Tomcat Version9.0.0 Updatemilestone25

Apache ≫ Tomcat Version9.0.0 Updatemilestone26

Apache ≫ Tomcat Version9.0.0 Updatemilestone27

Apache ≫ Tomcat Version9.0.0 Updatemilestone3

Apache ≫ Tomcat Version9.0.0 Updatemilestone4

Apache ≫ Tomcat Version9.0.0 Updatemilestone5

Apache ≫ Tomcat Version9.0.0 Updatemilestone6

Apache ≫ Tomcat Version9.0.0 Updatemilestone7

Apache ≫ Tomcat Version9.0.0 Updatemilestone8

Apache ≫ Tomcat Version9.0.0 Updatemilestone9

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.98%	0.77

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

https://lists.apache.org/thread/9ydfg0xr0tchmglcprhxgwhj0hfwxlyf

Vendor Advisory

Mailing List

https://www.kb.cert.org/vuls/id/767506

http://www.openwall.com/lists/oss-security/2025/08/13/2

https://cert-portal.siemens.com/productcert/html/ssa-032379.html

https://nvd.nist.gov/vuln/detail/CVE-2025-48989

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-48989

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-48989

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-48989