
Hi, our IT department have reported Apache Tomcat Vulnerability CVE-2025-49124 which impacts both our production and non-production servers running FME Flow 2024.2.1.

Has anyone else reported this to Safe Software and is there a plan to provide a fix in 2025.1.4?

Description

Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
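As an added example (not part of the original post or of Safe Software's or Apache's code), a small Python helper that takes the version ranges quoted in the advisory above and tells you whether a given Tomcat version string falls inside them and which release fixes it. It assumes the banner format `Apache Tomcat/x.y.z` that `catalina.bat version` prints, and the sample inputs are constructed; the Tomcat build bundled with FME Flow 2024.2.1 is not stated on the page.

```python
import re
from typing import Optional, Tuple

# Sortable key: (major, minor, patch, is_ga, milestone). A milestone build such as
# 11.0.0-M1 must sort before the GA 11.0.0, so GA gets is_ga=1 and milestone=0.
VersionKey = Tuple[int, int, int, int, int]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")
_BANNER_RE = re.compile(r"Apache Tomcat/(\d+\.\d+\.\d+(?:-M\d+)?)")

# Inclusive affected ranges and the fixing release, exactly as quoted in CVE-2025-49124.
AFFECTED_RANGES = [
    ("11.0.0-M1", "11.0.7", "11.0.8"),
    ("10.1.0", "10.1.41", "10.1.42"),
    ("9.0.23", "9.0.105", "9.0.106"),
]


def parse_version(text: str) -> VersionKey:
    """Turn '9.0.105' or '11.0.0-M1' into a key that compares correctly."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def version_from_banner(text: str) -> Optional[str]:
    """Extract the version from a line like 'Server version: Apache Tomcat/9.0.105'
    (assumed format of the `catalina.bat version` output)."""
    m = _BANNER_RE.search(text)
    return m.group(1) if m else None


def check_version(installed: str) -> Optional[str]:
    """Return the fixed release to move to if `installed` is in an affected range, else None.
    Note: the flaw is in the Windows installer's install-time use of icacls.exe, so this
    only identifies which Tomcat line carries the fixed installer, not a runtime exposure."""
    key = parse_version(installed)
    for low, high, fixed in AFFECTED_RANGES:
        if parse_version(low) <= key <= parse_version(high):
            return fixed
    return None


if __name__ == "__main__":
    # Constructed sample banners, not output from any real FME Flow host.
    for banner in ["Server version: Apache Tomcat/9.0.105", "Server version: Apache Tomcat/9.0.106",
                   "Server version: Apache Tomcat/11.0.0-M1", "Server version: Apache Tomcat/10.1.42"]:
        v = version_from_banner(banner)
        fixed = check_version(v) if v else None
        print(f"{v:10} -> {'upgrade to ' + fixed if fixed else 'not in an affected range'}")
```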

Hello,

Thank you for bringing this to our attention. There is a development initiative to upgrade the Tomcat version to the latest version 9 build (so 9.0.106+) and it will be planned for a minor 2025.1.x release. Please be advised that this is an ETA at this time.

