Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2025-48989
Good to know:
Date: August 13, 2025
Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected. Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.
Severity Score
Related Resources (11)
Severity Score
Weakness Type (CWE)
Improper Resource Shutdown or Release
CWE-404Top Fix
Upgrade Version
Upgrade to version org.apache.tomcat:tomcat-coyote:9.0.108;org.apache.tomcat:tomcat-coyote:10.1.44;org.apache.tomcat:tomcat-coyote:11.0.10;org.apache.tomcat.embed:tomcat-embed-core:9.0.108;org.apache.tomcat.embed:tomcat-embed-core:10.1.44;org.apache.tomcat.embed:tomcat-embed-core:11.0.10;https://github.com/apache/tomcat.git - 9.0.108;https://github.com/apache/tomcat.git - 10.1.44;https://github.com/apache/tomcat.git - 11.0.10
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | LOW |
| Availability (A): | HIGH |