CVE-2025-49124 Information
Jun 17, 2025
cve
Description
Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation the Tomcat installer for Windows used icacls.exe without specifying a full path.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7 from 10.1.0 through 10.1.41 from 9.0.23 through 9.0.105.
Users are recommended to upgrade to version 11.0.8 10.1.42 or 9.0.106 which fix the issue.
Reference
http://www.openwall.com/lists/oss-security/2025/06/16/3 https://lists.apache.org/thread/lnow7tt2j6hb9kcpkggx32ht6o90vqzv
Related CNNVD
CNNVD-202506-1899 (Published: 2025-06-16)
Share on: