Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Apache Tomcat: Unauthorized Access to Files
ROOT-APP-MAVEN-CVE-2025-31650
Summary
A vulnerability in Apache Tomcat allows attackers to access sensitive files on the server. This can happen if you're using an outdated version of Apache Tomcat. Update to a fixed version to protect your system.
What to do
- Update io.root.org.apache.tomcat.embed:tomcat-embed-core to version 10.1.39-root.io.6.
- Update io.root.org.apache.tomcat.embed:tomcat-embed-core to version 10.1.39-root.io.8.
- Update io.root.org.apache.tomcat.embed:tomcat-embed-core to version 10.1.39-root.io.9.
- Update io.root.org.apache.tomcat.embed:tomcat-embed-core to version 10.1.39-root.io.10.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Root:Maven | – | io.root.org.apache.tomcat.embed:tomcat-embed-core |
< 10.1.39-root.io.6 < 10.1.39-root.io.8 < 10.1.39-root.io.9 < 10.1.39-root.io.10 Fix: upgrade to 10.1.39-root.io.6
|
Original title
CVE-2025-31650 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root
Original description
Root has patched CVE-2025-31650 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available.
Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 14 Apr 2026