CVE-2025-48989 Tomcat vulnerability on NSX Manager 4.2.1.x

Article ID: 409583

Updated On:

Products

VMware NSX

Issue/Introduction

  • Apache Tomcat 9.0 has a Denial of Service (DoS) vulnerability (CVE-2025-48989) in its HTTP/2 handling, caused by client-triggered stream resets. This Improper Resource Shutdown or Release vulnerability makes Tomcat susceptible to the "made you reset" attack.

  • This issue affects the following Apache Tomcat versions:
    11.0.0-M1 through 11.0.9
    10.1.0-M1 through 10.1.43
    9.0.0.M1 through 9.0.107

  • Older, End-of-Life (EOL) versions may also be affected.
  • The CVE priority is classified as Important/High.
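
The version ranges above can be checked against an inventory of Tomcat version strings. The following is an added example, not code from VMware or Apache; the function names and result labels are assumptions, and any version on a release line not listed above is marked for review because older EOL versions may also be affected.

```python
import re

# Affected ranges exactly as listed in this article: (first affected, last affected).
AFFECTED_RANGES = [
    ("11.0.0-M1", "11.0.9"),
    ("10.1.0-M1", "10.1.43"),
    ("9.0.0.M1", "9.0.107"),
]

# Accepts "9.0.107", milestone forms "9.0.0.M1" / "10.1.0-M1",
# and banner forms such as "Apache Tomcat/9.0.107".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")


def parse_version(text):
    """Return a sortable tuple; milestone builds sort before the final release."""
    m = _VERSION_RE.match(text.strip().rsplit("/", 1)[-1])
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    stage = (0, int(milestone)) if milestone else (1, 0)
    return (int(major), int(minor), int(patch)) + stage


def is_affected(version):
    """True if the version falls inside one of the ranges listed in this article."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def classify(version):
    """Return 'affected', 'outside-listed-range', or 'review' (hypothetical labels)."""
    v = parse_version(version)
    if is_affected(version):
        return "affected"
    listed_lines = {parse_version(lo)[:2] for lo, _ in AFFECTED_RANGES}
    # Release lines the article does not list (e.g. EOL lines) need manual review.
    return "outside-listed-range" if v[:2] in listed_lines else "review"


if __name__ == "__main__":
    # Constructed sample inventory, not taken from a real environment.
    for banner in ["Apache Tomcat/9.0.107", "9.0.108", "10.1.0-M1", "8.5.100"]:
        print(f"{banner:24} {classify(banner)}")
```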

Environment

VMware NSX

Resolution

This vulnerability will be fixed in NSX version 9.1. The plan is to update Tomcat from version 9.0.107 to 9.0.108. Additionally, work is ongoing to upgrade from Tomcat 9 to Tomcat 10, specifically to version 10.1.44, to fix the CVE.