Question

Apache Tomcat Vulnerability CVE-2025-49124

  • June 20, 2025
  • 1 reply
  • 101 views

daraghmccarthy
Contributor

Hi, our IT department have reported Apache Tomcat Vulnerability CVE-2025-49124 which impacts both our production and non-production servers running FME Flow 2024.2.1.

Has anyone else reported this to Safe Software and is there a plan to provide a fix in 2025.1.4?

Description

Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
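
The affected ranges and fixed releases from the description above, turned into a check you can run against the Tomcat version string a server reports. This is an added example, not part of the original post and not Apache or Safe Software code; the function names and sample version strings are constructed for illustration.

```python
import re

# Milestone rank given to a final release, so 11.0.0-M20 sorts before 11.0.0.
FINAL = 10**6

# (first affected, last affected, fixed release), copied from the description above.
AFFECTED = [
    ("11.0.0-M1", "11.0.7", "11.0.8"),
    ("10.1.0", "10.1.41", "10.1.42"),
    ("9.0.23", "9.0.105", "9.0.106"),
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?")


def parse_version(text):
    """Return (major, minor, patch, milestone) from strings such as
    'Apache Tomcat/9.0.98', 'Server number: 10.1.41.0' or '11.0.0-M20'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Tomcat version found in {text!r}")
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch),
            int(milestone) if milestone else FINAL)


def fixed_release_for(text):
    """Return the fixed release if the version is in a listed range, else None."""
    version = parse_version(text)
    for first, last, fixed in AFFECTED:
        if parse_version(first) <= version <= parse_version(last):
            return fixed
    return None


if __name__ == "__main__":
    # Constructed sample version strings, not taken from any real server.
    samples = ["Apache Tomcat/9.0.98", "Server number: 9.0.106.0",
               "11.0.0-M20", "10.1.42", "9.0.22"]
    for sample in samples:
        fixed = fixed_release_for(sample)
        status = (f"in affected range, fixed in {fixed}" if fixed
                  else "not in a listed range")
        print(f"{sample:28} {status}")
```

The description places the flaw in the Windows installer's use of icacls.exe during installation, so a match tells you which Tomcat build is bundled, not how it was installed.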

1 reply

merlinegeorge
Safer

Hello,

Thank you for bringing this to our attention. There is a development initiative to upgrade the Tomcat version to the latest version 9 build (so 9.0.106+) and it will be planned for a minor 2025.1.x release. [Please be advised that this is an ETA at this time]

