PT-2025-25562 · Apache · Apache Tomcat

T. Doğa Gelişli

Published

2025-06-09

Updated

2026-04-28

CVE-2025-49124

CVSS v3.1

8.4

High

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.7 Apache Tomcat versions 10.1.0 through 10.1.41 Apache Tomcat versions 9.0.23 through 9.0.105

Description The issue is related to an Untrusted Search Path vulnerability in the Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path.

Recommendations For Apache Tomcat versions 11.0.0-M1 through 11.0.7, upgrade to version 11.0.8. For Apache Tomcat versions 10.1.0 through 10.1.41, upgrade to version 10.1.42. For Apache Tomcat versions 9.0.23 through 9.0.105, upgrade to version 9.0.106.

Fix

DoS

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

BDU:2025-08201

BIT-TOMCAT-2025-49124

CVE-2025-49124

GHSA-42WG-HM62-JCWG

Affected Products

Apache Tomcat

PT-2025-25562 · Apache · Apache Tomcat

CVE-2025-49124

Weakness Enumeration

Related Identifiers

Affected Products

References · 33