Apache Tomcat: Unauthorized Access to Server

ROOT-APP-MAVEN-CVE-2025-49124
Summary

A security update has been released for Apache Tomcat that fixes a vulnerability that could allow an attacker to access your server without a password. This affects systems using Apache Tomcat, and it's recommended to update to the latest patched version to prevent unauthorized access.

What to do
  • Update io.root.org.apache.tomcat:tomcat-catalina to version 10.1.13-root.io.9.
  • Update io.root.org.apache.tomcat:tomcat-catalina to version 10.1.39-root.io.6.
  • Update io.root.org.apache.tomcat:tomcat-catalina to version 10.1.39-root.io.8.
  • Update io.root.org.apache.tomcat:tomcat-catalina to version 10.1.39-root.io.9.
  • Update io.root.org.apache.tomcat:tomcat-catalina to version 10.1.39-root.io.10.
Affected software
Ecosystem: Root:Maven
Vendor: –
Product: io.root.org.apache.tomcat:tomcat-catalina
Affected versions:
  • < 10.1.13-root.io.9
  • < 10.1.39-root.io.6
  • < 10.1.39-root.io.8
  • < 10.1.39-root.io.9
  • < 10.1.39-root.io.10
Fix: upgrade to 10.1.13-root.io.9
Original title
CVE-2025-49124 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root
Original description
Root has patched CVE-2025-49124 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available.
Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 7 Apr 2026