CVE-2025-48989

EPSS 0.2%
Veröffentlicht 13.08.2025 12:11:26
Zuletzt bearbeitet 18.08.2025 18:34:04
Quelle security@apache.org
Teams Watchlist Login
Unerledigt Login

Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.

Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Tomcat Version >= 9.0.1 < 9.0.108

Apache ≫ Tomcat Version >= 10.0.0 < 10.1.44

Apache ≫ Tomcat Version >= 11.0.0 < 11.0.10

Apache ≫ Tomcat Version9.0.0 Updatemilestone1

Apache ≫ Tomcat Version9.0.0 Updatemilestone10

Apache ≫ Tomcat Version9.0.0 Updatemilestone11

Apache ≫ Tomcat Version9.0.0 Updatemilestone12

Apache ≫ Tomcat Version9.0.0 Updatemilestone13

Apache ≫ Tomcat Version9.0.0 Updatemilestone14

Apache ≫ Tomcat Version9.0.0 Updatemilestone15

Apache ≫ Tomcat Version9.0.0 Updatemilestone16

Apache ≫ Tomcat Version9.0.0 Updatemilestone17

Apache ≫ Tomcat Version9.0.0 Updatemilestone18

Apache ≫ Tomcat Version9.0.0 Updatemilestone19

Apache ≫ Tomcat Version9.0.0 Updatemilestone2

Apache ≫ Tomcat Version9.0.0 Updatemilestone20

Apache ≫ Tomcat Version9.0.0 Updatemilestone21

Apache ≫ Tomcat Version9.0.0 Updatemilestone22

Apache ≫ Tomcat Version9.0.0 Updatemilestone23

Apache ≫ Tomcat Version9.0.0 Updatemilestone24

Apache ≫ Tomcat Version9.0.0 Updatemilestone25

Apache ≫ Tomcat Version9.0.0 Updatemilestone26

Apache ≫ Tomcat Version9.0.0 Updatemilestone27

Apache ≫ Tomcat Version9.0.0 Updatemilestone3

Apache ≫ Tomcat Version9.0.0 Updatemilestone4

Apache ≫ Tomcat Version9.0.0 Updatemilestone5

Apache ≫ Tomcat Version9.0.0 Updatemilestone6

Apache ≫ Tomcat Version9.0.0 Updatemilestone7

Apache ≫ Tomcat Version9.0.0 Updatemilestone8

Apache ≫ Tomcat Version9.0.0 Updatemilestone9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.421

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

https://lists.apache.org/thread/9ydfg0xr0tchmglcprhxgwhj0hfwxlyf

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-48989

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-48989

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-48989

EUVD