CVE-2025-49124 – Apache Tomcat Windows Untrusted Search Path Vulnerability

June 16, 2025

CVE ID : CVE-2025-49124

Published : June 16, 2025, 3:15 p.m. | 3 hours, 6 minutes ago

Description : Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through 9.0.105.

Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49125 – Apache Tomcat PreResources/PostResources Path Bypass

Next Article CVE-2025-48988 – Apache Tomcat Denial of Service Vulnerability

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

Parasoft C/C++test 2025.1, Secure Code Warrior AI Security Rules, and more – Daily News Digest

What I Wish Someone Told Me When I Was Getting Into ARIA

SD Times 100

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

This Xbox game emotionally wrecked me in less than four hours… I’m going to go hug my cat now

Top 5 desktop PC case features that I can’t live without — and neither should you

‘No aggressive monetization’ — Nexus Mods’ new ownership responds to worried members

Build AI Agents That Run Your Day – While You Focus on What Matters

Build AI Agents That Run Your Day – While You Focus on What Matters

Faster Builds in Meteor 3.3: Modern Build Stack with SWC and Bundler Optimizations

How to Change Redirect After Login/Register in Laravel Breeze

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

This Xbox game emotionally wrecked me in less than four hours… I’m going to go hug my cat now

Top 5 desktop PC case features that I can’t live without — and neither should you

CVE-2025-49124 – Apache Tomcat Windows Untrusted Search Path Vulnerability

New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks

Hard-Coded ‘b’ Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments

I expected this $20 Amazon Basics multitool to be junk, but it proved me wrong

CVE-2025-3769 – LatePoint WordPress Calendar Booking Plugin Insecure Direct Object Reference Vulnerability

Mongoose Now Natively Supports QE and CSFLE

This month in security with Tony Anscombe – February 2025 edition

LG’s absurd new OLED gaming monitors want to replace your TV entirely — and of course they have AI

MongoDB 8.0: Improving Performance, Avoiding Regressions

How to use File History on Windows 11 to protect your documents with backups

Customize DeepSeek-R1 671b model using Amazon SageMaker HyperPod recipes – Part 2

CVE-2025-49124 – Apache Tomcat Windows Untrusted Search Path Vulnerability

Related Posts