Apache Tomcat: Unauthenticated Access to Sensitive Data Possible
ROOT-APP-MAVEN-CVE-2025-66614
Summary
A security patch has been released for Apache Tomcat's Catalina component. This patch fixes a vulnerability that could allow unauthorized access to sensitive information. If you use Apache Tomcat, you should update to a patched version to protect your system.
What to do
- Update io.root.org.apache.tomcat:tomcat-catalina to version 10.1.39-root.io.6.
- Update io.root.org.apache.tomcat:tomcat-catalina to version 10.1.39-root.io.8.
- Update io.root.org.apache.tomcat:tomcat-catalina to version 10.1.39-root.io.9.
- Update io.root.org.apache.tomcat:tomcat-catalina to version 10.1.39-root.io.10.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Root:Maven | – | io.root.org.apache.tomcat:tomcat-catalina | < 10.1.39-root.io.6; < 10.1.39-root.io.8; < 10.1.39-root.io.9; < 10.1.39-root.io.10. Fix: upgrade to 10.1.39-root.io.6 |
Original title
CVE-2025-66614 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root
Original description
Root has patched CVE-2025-66614 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available.
Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 14 Apr 2026