CVE-2025-48989
HIGHDescription
Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected. Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.
Is your site exposed to CVE-2025-48989?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
References
Frequently Asked Questions
What is CVE-2025-48989? +
How severe is CVE-2025-48989? +
What products are affected by CVE-2025-48989? +
How do I check if I'm vulnerable to CVE-2025-48989? +
Related Vulnerabilities
Vulnerability in SK Hynix DDR5 on x86 allows a local attacker to trigger Rowhammer bit flips impacting the Hardware Integrity …
Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon …
A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when …
SeaCMS 12.9 has a file deletion vulnerability via admin_template.php.
A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/lwp_syscall.c. …
In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Remove …