CVE-2025-48989

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://lists.apache.org/thread/9ydfg0xr0tchmglcprhxgwhj0hfwxlyf", "name": "https://lists.apache.org/thread/9ydfg0xr0tchmglcprhxgwhj0hfwxlyf", "tags": ["Mailing List", "Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.\n\nUsers are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-48989", "ASSIGNER": "security@apache.org"}}, "impact": {}, "publishedDate": "2025-08-13T13:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "10.1.44", "versionStartIncluding": "10.0.0"}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "11.0.10", "versionStartIncluding": "11.0.0"}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "9.0.108", "versionStartIncluding": "9.0.1"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-08-18T18:34Z"}