CVE-2025-48989

EUVD-2025-24559
Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.

Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
apachetomcat
9.0.1 ≤
𝑥
< 9.0.108
apachetomcat
10.0.0 ≤
𝑥
< 10.1.44
apachetomcat
11.0.0 ≤
𝑥
< 11.0.10
apachetomcat
9.0.0:milestone1
apachetomcat
9.0.0:milestone10
apachetomcat
9.0.0:milestone11
apachetomcat
9.0.0:milestone12
apachetomcat
9.0.0:milestone13
apachetomcat
9.0.0:milestone14
apachetomcat
9.0.0:milestone15
apachetomcat
9.0.0:milestone16
apachetomcat
9.0.0:milestone17
apachetomcat
9.0.0:milestone18
apachetomcat
9.0.0:milestone19
apachetomcat
9.0.0:milestone2
apachetomcat
9.0.0:milestone20
apachetomcat
9.0.0:milestone21
apachetomcat
9.0.0:milestone22
apachetomcat
9.0.0:milestone23
apachetomcat
9.0.0:milestone24
apachetomcat
9.0.0:milestone25
apachetomcat
9.0.0:milestone26
apachetomcat
9.0.0:milestone27
apachetomcat
9.0.0:milestone3
apachetomcat
9.0.0:milestone4
apachetomcat
9.0.0:milestone5
apachetomcat
9.0.0:milestone6
apachetomcat
9.0.0:milestone7
apachetomcat
9.0.0:milestone8
apachetomcat
9.0.0:milestone9
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
SiemensSIMATIC CN 4100
𝑥
< V5.0
ADP
Debian logo
Debian Releases
Debian Product
Codename
tomcat10
bookworm
10.1.52-1~deb12u1
fixed
bookworm (security)
10.1.52-1~deb12u1
fixed
forky
10.1.54-1
fixed
sid
10.1.54-1
fixed
trixie
10.1.52-1~deb13u1
fixed
trixie (security)
10.1.52-1~deb13u1
fixed
tomcat11
forky
11.0.21-1
fixed
sid
11.0.22-2
fixed
trixie
11.0.15-1~deb13u1
fixed
trixie (security)
11.0.15-1~deb13u1
fixed
tomcat9
bookworm
9.0.70-2
fixed
bullseye
vulnerable
bullseye (security)
9.0.107-0+deb11u2
fixed
forky
9.0.115-1
fixed
sid
9.0.115-1
fixed
trixie
9.0.95-1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
tomcat
suse enterprise sap 15 SP3
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP4
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP5
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP6
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP7
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP2
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP3
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP4
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP5
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP6
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP7
9.0.108-150200.91.1
fixed
tomcat-admin-webapps
suse enterprise sap 15 SP3
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP4
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP5
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP6
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP7
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP2
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP3
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP4
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP5
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP6
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP7
9.0.108-150200.91.1
fixed
tomcat-el-3_0-api
suse enterprise sap 15 SP3
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP4
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP5
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP6
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP7
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP2
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP3
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP4
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP5
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP6
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP7
9.0.108-150200.91.1
fixed
tomcat-jsp-2_3-api
suse enterprise sap 15 SP3
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP4
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP5
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP6
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP7
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP2
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP3
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP4
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP5
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP6
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP7
9.0.108-150200.91.1
fixed
tomcat-lib
suse enterprise sap 15 SP3
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP4
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP5
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP6
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP7
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP2
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP3
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP4
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP5
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP6
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP7
9.0.108-150200.91.1
fixed
tomcat-servlet-4_0-api
suse enterprise sap 15 SP3
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP4
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP5
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP6
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP7
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP2
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP3
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP4
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP5
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP6
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP7
9.0.108-150200.91.1
fixed
tomcat-webapps
suse enterprise sap 15 SP3
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP4
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP5
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP6
9.0.108-150200.91.1
fixed
suse enterprise sap 15 SP7
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP2
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP3
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP4
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP5
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP6
9.0.108-150200.91.1
fixed
suse enterprise server 15 SP7
9.0.108-150200.91.1
fixed
tomcat10
suse enterprise sap 15 SP5
10.1.44-150200.5.51.1
fixed
suse enterprise sap 15 SP6
10.1.44-150200.5.51.1
fixed
suse enterprise sap 15 SP7
10.1.44-150200.5.51.1
fixed
suse enterprise server 15 SP5
10.1.44-150200.5.51.1
fixed
suse enterprise server 15 SP6
10.1.44-150200.5.51.1
fixed
suse enterprise server 15 SP7
10.1.44-150200.5.51.1
fixed
tomcat10-admin-webapps
suse enterprise sap 15 SP5
10.1.44-150200.5.51.1
fixed
suse enterprise sap 15 SP6
10.1.44-150200.5.51.1
fixed
suse enterprise sap 15 SP7
10.1.44-150200.5.51.1
fixed
suse enterprise server 15 SP5
10.1.44-150200.5.51.1
fixed
suse enterprise server 15 SP6
10.1.44-150200.5.51.1
fixed
suse enterprise server 15 SP7
10.1.44-150200.5.51.1
fixed
tomcat10-el-5_0-api
suse enterprise sap 15 SP5
10.1.44-150200.5.51.1
fixed
suse enterprise sap 15 SP6
10.1.44-150200.5.51.1
fixed
suse enterprise sap 15 SP7
10.1.44-150200.5.51.1
fixed
suse enterprise server 15 SP5
10.1.44-150200.5.51.1
fixed
suse enterprise server 15 SP6
10.1.44-150200.5.51.1
fixed
suse enterprise server 15 SP7
10.1.44-150200.5.51.1
fixed
tomcat10-jsp-3_1-api
suse enterprise sap 15 SP5
10.1.44-150200.5.51.1
fixed
suse enterprise sap 15 SP6
10.1.44-150200.5.51.1
fixed
suse enterprise sap 15 SP7
10.1.44-150200.5.51.1
fixed
suse enterprise server 15 SP5
10.1.44-150200.5.51.1
fixed
suse enterprise server 15 SP6
10.1.44-150200.5.51.1
fixed
suse enterprise server 15 SP7
10.1.44-150200.5.51.1
fixed
tomcat10-lib
suse enterprise sap 15 SP5
10.1.44-150200.5.51.1
fixed
suse enterprise sap 15 SP6
10.1.44-150200.5.51.1
fixed
suse enterprise sap 15 SP7
10.1.44-150200.5.51.1
fixed
suse enterprise server 15 SP5
10.1.44-150200.5.51.1
fixed
suse enterprise server 15 SP6
10.1.44-150200.5.51.1
fixed
suse enterprise server 15 SP7
10.1.44-150200.5.51.1
fixed
tomcat10-servlet-6_0-api
suse enterprise sap 15 SP5
10.1.44-150200.5.51.1
fixed
suse enterprise sap 15 SP6
10.1.44-150200.5.51.1
fixed
suse enterprise sap 15 SP7
10.1.44-150200.5.51.1
fixed
suse enterprise server 15 SP5
10.1.44-150200.5.51.1
fixed
suse enterprise server 15 SP6
10.1.44-150200.5.51.1
fixed
suse enterprise server 15 SP7
10.1.44-150200.5.51.1
fixed
tomcat10-webapps
suse enterprise sap 15 SP5
10.1.44-150200.5.51.1
fixed
suse enterprise sap 15 SP6
10.1.44-150200.5.51.1
fixed
suse enterprise sap 15 SP7
10.1.44-150200.5.51.1
fixed
suse enterprise server 15 SP5
10.1.44-150200.5.51.1
fixed
suse enterprise server 15 SP6
10.1.44-150200.5.51.1
fixed
suse enterprise server 15 SP7
10.1.44-150200.5.51.1
fixed
tomcat11
suse enterprise sap 15 SP6
11.0.10-150600.13.9.1
fixed
suse enterprise sap 15 SP7
11.0.10-150600.13.9.1
fixed
suse enterprise server 15 SP6
11.0.10-150600.13.9.1
fixed
suse enterprise server 15 SP7
11.0.10-150600.13.9.1
fixed
tomcat11-admin-webapps
suse enterprise sap 15 SP6
11.0.10-150600.13.9.1
fixed
suse enterprise sap 15 SP7
11.0.10-150600.13.9.1
fixed
suse enterprise server 15 SP6
11.0.10-150600.13.9.1
fixed
suse enterprise server 15 SP7
11.0.10-150600.13.9.1
fixed
tomcat11-el-6_0-api
suse enterprise sap 15 SP6
11.0.10-150600.13.9.1
fixed
suse enterprise sap 15 SP7
11.0.10-150600.13.9.1
fixed
suse enterprise server 15 SP6
11.0.10-150600.13.9.1
fixed
suse enterprise server 15 SP7
11.0.10-150600.13.9.1
fixed
tomcat11-jsp-4_0-api
suse enterprise sap 15 SP6
11.0.10-150600.13.9.1
fixed
suse enterprise sap 15 SP7
11.0.10-150600.13.9.1
fixed
suse enterprise server 15 SP6
11.0.10-150600.13.9.1
fixed
suse enterprise server 15 SP7
11.0.10-150600.13.9.1
fixed
tomcat11-lib
suse enterprise sap 15 SP6
11.0.10-150600.13.9.1
fixed
suse enterprise sap 15 SP7
11.0.10-150600.13.9.1
fixed
suse enterprise server 15 SP6
11.0.10-150600.13.9.1
fixed
suse enterprise server 15 SP7
11.0.10-150600.13.9.1
fixed
tomcat11-servlet-6_1-api
suse enterprise sap 15 SP6
11.0.10-150600.13.9.1
fixed
suse enterprise sap 15 SP7
11.0.10-150600.13.9.1
fixed
suse enterprise server 15 SP6
11.0.10-150600.13.9.1
fixed
suse enterprise server 15 SP7
11.0.10-150600.13.9.1
fixed
tomcat11-webapps
suse enterprise sap 15 SP6
11.0.10-150600.13.9.1
fixed
suse enterprise sap 15 SP7
11.0.10-150600.13.9.1
fixed
suse enterprise server 15 SP6
11.0.10-150600.13.9.1
fixed
suse enterprise server 15 SP7
11.0.10-150600.13.9.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
tomcat
RHEL 8
1:9.0.87-1.el8_10.6
fixed
RHEL 8.8 E4S
1:9.0.87-1.el8_8.7
fixed
RHEL 8.8 TUS
1:9.0.87-1.el8_8.7
fixed
RHEL 9
1:9.0.87-3.el9_6.3
fixed
tomcat-admin-webapps
RHEL 8
1:9.0.87-1.el8_10.6
fixed
RHEL 8.8 E4S
1:9.0.87-1.el8_8.7
fixed
RHEL 8.8 TUS
1:9.0.87-1.el8_8.7
fixed
RHEL 9
1:9.0.87-3.el9_6.3
fixed
tomcat-docs-webapp
RHEL 8
1:9.0.87-1.el8_10.6
fixed
RHEL 8.8 E4S
1:9.0.87-1.el8_8.7
fixed
RHEL 8.8 TUS
1:9.0.87-1.el8_8.7
fixed
RHEL 9
1:9.0.87-3.el9_6.3
fixed
tomcat-el-3.0-api
RHEL 8
1:9.0.87-1.el8_10.6
fixed
RHEL 8.8 E4S
1:9.0.87-1.el8_8.7
fixed
RHEL 8.8 TUS
1:9.0.87-1.el8_8.7
fixed
RHEL 9
1:9.0.87-3.el9_6.3
fixed
tomcat-jsp-2.3-api
RHEL 8
1:9.0.87-1.el8_10.6
fixed
RHEL 8.8 E4S
1:9.0.87-1.el8_8.7
fixed
RHEL 8.8 TUS
1:9.0.87-1.el8_8.7
fixed
RHEL 9
1:9.0.87-3.el9_6.3
fixed
tomcat-lib
RHEL 8
1:9.0.87-1.el8_10.6
fixed
RHEL 8.8 E4S
1:9.0.87-1.el8_8.7
fixed
RHEL 8.8 TUS
1:9.0.87-1.el8_8.7
fixed
RHEL 9
1:9.0.87-3.el9_6.3
fixed
tomcat-servlet-4.0-api
RHEL 8
1:9.0.87-1.el8_10.6
fixed
RHEL 8.8 E4S
1:9.0.87-1.el8_8.7
fixed
RHEL 8.8 TUS
1:9.0.87-1.el8_8.7
fixed
RHEL 9
1:9.0.87-3.el9_6.3
fixed
tomcat-webapps
RHEL 8
1:9.0.87-1.el8_10.6
fixed
RHEL 8.8 E4S
1:9.0.87-1.el8_8.7
fixed
RHEL 8.8 TUS
1:9.0.87-1.el8_8.7
fixed
RHEL 9
1:9.0.87-3.el9_6.3
fixed
Common Weakness Enumeration
References
https://lists.apache.org/thread/9ydfg0xr0tchmglcprhxgwhj0hfwxlyf
http://www.openwall.com/lists/oss-security/2025/08/13/2
https://www.kb.cert.org/vuls/id/767506
https://cert-portal.siemens.com/productcert/html/ssa-032379.html