DEBIAN-CVE-2025-48989
Advisory lineage Upstream: 1 Downstream: 2
Upstream
Downstream
Published: 13 Aug 2025, 13:15
Last modified:28 Apr 2026, 20:30
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
7.5 HIGH
3.1 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
13 Aug 2025, 13:15
Published
Vulnerability first disclosed
28 Apr 2026, 20:30
Last Modified
Vulnerability information updated
Description
Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected. Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Systems
- debian•tomcat10
all | all | all | < 10.1.52-1~deb12u1 | < 10.1.52-1~deb13u1 | < 10.1.52-1
- debian•tomcat11
all | < 11.0.15-1~deb13u1 | < 11.0.11-1
- debian•tomcat9
< 9.0.70-2 | < 9.0.70-2 | < 9.0.70-2 | < 9.0.70-2