Apache Tomcat: h2 DoS – Made You Reset_CVE-2025-48989

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.

Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.

Basic Information

ID CVE-2025-48989

Source apache

Published Aug 13, 2025 at 12:11

Modified Aug 13, 2025 at 19:56

Affected Product

Vendor Apache Software Foundation

Product Apache Tomcat

Version 11.0.0-M1

Affected Versions Apache Software Foundation Apache Tomcat 11.0.0-M1
Apache Software Foundation Apache Tomcat 10.1.0-M1
Apache Software Foundation Apache Tomcat 9.0.0.M1

CWE Classification

CWE-404

References

lists.apache.org /thread/9ydfg0xr0tchmglcprhxgwhj0hfwxlyf

{
    "lastseen": "",
    "description": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.",
    "published": "2025-08-13T12:11:26.124Z",
    "modified": "2025-08-13T19:56:35.999Z",
    "type": "cve",
    "title": "Apache Tomcat: h2 DoS - Made You Reset",
    "source": "apache",
    "references": "https://lists.apache.org/thread/9ydfg0xr0tchmglcprhxgwhj0hfwxlyf",
    "id": "CVE-2025-48989",
    "bulletinFamily": "",
    "cwe": [
        "CWE-404"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache Tomcat 11.0.0-M1\nApache Software Foundation Apache Tomcat 10.1.0-M1\nApache Software Foundation Apache Tomcat 9.0.0.M1",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache Tomcat",
    "version": "11.0.0-M1",
    "vendor": "Apache Software Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}