Vulnerability CVE-2025-48989 reported for Tomcat version under 9.0.108 in SiteMinder access gateway

search cancel

Vulnerability CVE-2025-48989 reported for Tomcat version under 9.0.108 in SiteMinder access gateway

book

Article ID: 409518

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

Apache Tomcat version in SiteMinder access gateway release is < 9.0.108.

There is a vulnerability reported by National Vulnerability Database: CVE-2025-48989

Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected. Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.

https://nvd.nist.gov/vuln/detail/CVE-2025-48989

Environment

Siteminde release: any prior version including R12.9
Component: Access Gateway
OS: ALL

Resolution

This vulnerability fix in Tomcat 9.0.108 is related to Http/2 protocol, currently SiteMinder does not support that protocol.

Feedback

thumb_up Yes

thumb_down No