PatchSiren cyber security CVE debrief
CVE-2025-48989 Cert Portal CVE debrief
CVE-2025-48989 is a high-severity Apache Tomcat availability issue caused by improper resource shutdown or release, described by the advisory as enabling the "made you reset" attack. The affected ranges are 11.0.0-M1 through 11.0.9, 10.1.0-M1 through 10.1.43, and 9.0.0.M1 through 9.0.107. The advisory recommends upgrading to 11.0.10, 10.1.44, or 9.0.108; older EOL versions may also be affected.
- Vendor: Cert Portal
- Product: Siemens SIMATIC CN 4100 vers:intdot/<5.0
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-12
- Advisory updated: 2026-05-14
Who should care
Teams running Apache Tomcat in the affected version ranges should prioritize this, especially if the service is internet-facing or supports critical web applications. Operators of products or appliances that bundle Tomcat should also verify whether the vendor has incorporated the fixed versions. Organizations still on EOL Tomcat releases should treat the advisory as urgent because those versions may also be affected.
Technical summary
The supplied advisory describes an improper resource shutdown/release weakness in Apache Tomcat with a CVSS 3.1 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, which maps to a network-reachable, no-auth, no-user-interaction availability impact. The affected releases listed are 11.0.0-M1 through 11.0.9, 10.1.0-M1 through 10.1.43, and 9.0.0.M1 through 9.0.107. Vendor-fixed releases are 11.0.10, 10.1.44, and 9.0.108.
Defensive priority
High. This is a remotely reachable, low-complexity, no-privilege, no-interaction availability issue with a high service-impact rating, so patching should be prioritized.
Recommended defensive actions
- Inventory Apache Tomcat instances and identify any systems in the affected version ranges.
- Upgrade to Apache Tomcat 11.0.10, 10.1.44, or 9.0.108, or later supported releases.
- If you are running an EOL Tomcat release, move to a supported line and apply the fixed version.
- Check appliances, platforms, and applications that embed Tomcat for vendor-provided updates.
- Validate that operational monitoring, restart procedures, and failover controls can absorb a denial-of-service event.
- Use CISA and vendor hardening guidance to reduce exposure in environments where Tomcat is externally reachable.
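The first two actions above (inventory instances, then decide which need the fixed release) are easy to get wrong by hand because Tomcat milestone builds such as 9.0.0.M1 and 11.0.0-M1 do not compare as plain dotted numbers. The script below is an added example, not part of the PatchSiren debrief or any Apache or Siemens tooling. It encodes the affected ranges and fixed releases exactly as the advisory lists them, orders milestones before the GA build of the same number (an assumption that matches Tomcat's naming), and classifies each "host,version" line of a constructed inventory; hostnames and versions in SAMPLE_INVENTORY are hypothetical. Versions below a listed range, or on an unlisted older major, are reported as EOL and possibly affected, which is what the advisory says about EOL releases.

```python
"""Added example: triage an Apache Tomcat version inventory against CVE-2025-48989.
Not part of the PatchSiren debrief; ranges and fixes are taken from the advisory text."""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int, Optional[int]]

# Affected range (low, high) and fixed release per major, as stated in the advisory.
# Tomcat 9 named its milestone 9.0.0.M1 (dot); 10.x and 11.x use a dash.
ADVISORY: Dict[int, Tuple[str, str, str]] = {
    11: ("11.0.0-M1", "11.0.9", "11.0.10"),
    10: ("10.1.0-M1", "10.1.43", "10.1.44"),
    9: ("9.0.0.M1", "9.0.107", "9.0.108"),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")


def parse_version(text: str) -> Version:
    """Parse '9.0.107', '9.0.0.M1' or '11.0.0-M1' into (major, minor, patch, milestone)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch), int(milestone) if milestone else None)


def sort_key(v: Version) -> Tuple[int, int, int, int, int]:
    """Comparable key; milestone builds sort before the GA release of the same number."""
    major, minor, patch, milestone = v
    if milestone is None:
        return (major, minor, patch, 1, 0)
    return (major, minor, patch, 0, milestone)


def assess(text: str) -> Tuple[str, Optional[str]]:
    """Return (status, recommended_fix) for one version string.

    status: 'affected', 'fixed', 'eol_possibly_affected' or 'not_listed'.
    """
    v = parse_version(text)
    key = sort_key(v)
    major = v[0]
    if major in ADVISORY:
        low, high, fixed = ADVISORY[major]
        if sort_key(parse_version(low)) <= key <= sort_key(parse_version(high)):
            return "affected", fixed
        if key >= sort_key(parse_version(fixed)):
            return "fixed", None
        # Below the listed range on a listed major (e.g. 10.0.x): an EOL line.
        return "eol_possibly_affected", fixed
    if major < min(ADVISORY):
        # Tomcat 8.5 and earlier are EOL; the advisory says they may also be affected.
        return "eol_possibly_affected", ADVISORY[min(ADVISORY)][2]
    return "not_listed", None


def triage_inventory(csv_lines: List[str]) -> List[Tuple[str, str, str, Optional[str]]]:
    """Classify 'host,version' lines; unparsable versions are reported, never dropped."""
    rows = []
    for line in csv_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        try:
            status, fix = assess(version)
        except ValueError:
            status, fix = "unparsed", None
        rows.append((host.strip(), version.strip(), status, fix))
    return rows


# Constructed sample inventory with hypothetical hosts (not data from the advisory).
SAMPLE_INVENTORY = [
    "# host,tomcat_version",
    "web-01,9.0.107",
    "web-02,9.0.108",
    "app-03,11.0.0-M1",
    "legacy-04,8.5.100",
    "edge-05,10.1.44",
    "lab-06,10.0.27",
    "bad-07,unknown",
]

if __name__ == "__main__":
    for host, version, status, fix in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host:10} {version:10} {status:22} {fix or '-'}")
```

Feed it the output of whatever produces your inventory (a CMDB export, `catalina.jar` manifest scans, or appliance vendor version strings) one "host,version" line at a time; rows marked "unparsed" are the ones that still need a manual look rather than a silent skip.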
Evidence notes
The primary evidence is the CISA CSAF source item ICSA-26-134-10, which republishes Siemens ProductCERT advisory SSA-032379. The corpus states the advisory was initially published on 2026-05-12 and republished by CISA on 2026-05-14. The supplied metadata also includes official CVE.org and NVD links and the CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The corpus contains a Siemens SIMATIC CN 4100 product field that does not align cleanly with the Apache Tomcat vulnerability description, so product applicability should be validated before operational decisions are made.
Official resources
- CVE-2025-48989 CVE record (CVE.org)
- CVE-2025-48989 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Publicly disclosed on 2026-05-12; the source advisory was republished by CISA on 2026-05-14. No KEV listing is supplied in the corpus.