CVE-2025-48989 Tomcat vulnerability on NSX Manager 4.2.1.x

Article ID: 409583

Products

VMware NSX

Issue/Introduction

  • Apache Tomcat 9.0 Denial of Service (DoS) vulnerability (CVE-2025-48989) in HTTP/2, caused by client-triggered stream resets. This Improper Resource Shutdown or Release vulnerability makes Tomcat susceptible to the "made you reset" attack.
  • This issue affects the following Apache Tomcat versions:

    11.0.0-M1 through 11.0.9
    10.1.0-M1 through 10.1.43
    9.0.0.M1 through 9.0.107

  • Older, End-of-Life (EOL) versions may also be affected.
  • The CVE priority is classified as Important/High.
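
A version check against the ranges listed above, as an added example (not code from Broadcom or the Apache Tomcat project). The function names and the sample banner are constructed for illustration; it assumes the version is read from a banner of the form "Apache Tomcat/<version>", as printed by Tomcat's version.sh.

```python
import re

# Affected ranges exactly as listed in this article: (first, last) per branch.
AFFECTED = [
    ("11.0.0-M1", "11.0.9"),
    ("10.1.0-M1", "10.1.43"),
    ("9.0.0.M1", "9.0.107"),
]

# Tomcat writes milestones as "9.0.0.M1" or "11.0.0-M1"; accept both separators.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")
_BANNER = re.compile(r"Apache Tomcat/(\S+)")


def parse(version):
    """Return a sortable key; milestone builds sort before the final release."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    # A final release has no milestone; use infinity so 9.0.0.M1 < 9.0.0.
    rank = int(milestone) if milestone is not None else float("inf")
    return (int(major), int(minor), int(patch), rank)


def classify(version):
    """Map a Tomcat version to its status according to this article's list."""
    key = parse(version)
    if any(parse(lo) <= key <= parse(hi) for lo, hi in AFFECTED):
        return "affected"
    # The article notes that older, End-of-Life versions may also be affected.
    if key < min(parse(lo) for lo, _ in AFFECTED):
        return "older-may-be-affected"
    return "not-listed"


def classify_banner(line):
    """Extract the version from an 'Apache Tomcat/<version>' banner and classify it."""
    m = _BANNER.search(line)
    if not m:
        raise ValueError("no Tomcat version banner found")
    return classify(m.group(1))


if __name__ == "__main__":
    # Constructed sample line in the format printed by Tomcat's version.sh.
    print(classify_banner("Server version: Apache Tomcat/9.0.98"))
```

A result of "not-listed" only means the version falls outside the ranges this article names; the article does not say which NSX releases ship a fixed Tomcat.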

Environment

VMware NSX

Resolution

VMware by Broadcom is aware of CVE-2025-48989.
Please refer to the release notes for existing and forthcoming product releases for any updates relating to this CVE.
Should you require further information, please contact Broadcom Support.