CVE-2025-48989

HIGH 7.5

Apache Tomcat: h2 DoS - Made You Reset

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected. Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.

CWE	CWE-404
Vendor	apache software foundation
Product	apache tomcat
Published	Aug 13, 2025
Last Updated	May 12, 2026

Stay Ahead of the Next One

Get instant alerts for apache software foundation apache tomcat

Be the first to know when new high vulnerabilities affecting apache software foundation apache tomcat are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Apache Software Foundation / Apache Tomcat

11.0.0-M1 ≤ 11.0.9 10.1.0-M1 ≤ 10.1.43 9.0.0.M1 ≤ 9.0.107

References

NVD ↗ CVE.org ↗ EPSS Data ↗

lists.apache.org: https://lists.apache.org/thread/9ydfg0xr0tchmglcprhxgwhj0hfwxlyf kb.cert.org: https://www.kb.cert.org/vuls/id/767506 openwall.com: http://www.openwall.com/lists/oss-security/2025/08/13/2 cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/html/ssa-032379.html

Credits

Gal Bar Nahum, Anat Bremler-Barr, and Yaniv Harel of Tel Aviv University