Seal Security

CVE-2025-48989

Apache Tomcat Improper Resource Shutdown or Release vulnerability

Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading

Vulnerability Details

Score

7.5

Score Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Versions

org.apache.tomcat:tomcat-coyote >= 11.0.0-M1 < 11.0.10; org.apache.tomcat:tomcat-coyote >= 10.1.0-M1 < 10.1.44; org.apache.tomcat:tomcat-coyote >= 9.0.0.M1 < 9.0.108; org.apache.tomcat.embed:tomcat-embed-core >= 11.0.0-M1 < 11.0.10; org.apache.tomcat.embed:tomcat-embed-core >= 10.1.0-M1 < 10.1.44; org.apache.tomcat.embed:tomcat-embed-core >= 9.0.0.M1 < 9.0.108

Severity

High

Ecosystem

Publish Date

August 13, 2025

Modified Date

August 22, 2025