Apache Tomcat: Unauthorized Access to Sensitive Data
ROOT-APP-MAVEN-CVE-2025-31651
Summary
A vulnerability in the Apache Tomcat web server allows an attacker to access sensitive data without permission. This affects users who run Apache Tomcat, and it's essential to update the software to a patched version to prevent unauthorized access. We recommend checking for and applying available updates.
What to do
- Update io.root.org.apache.tomcat:tomcat-catalina to version 10.1.13-root.io.9.
- Update io.root.org.apache.tomcat:tomcat-catalina to version 10.1.39-root.io.6.
- Update io.root.org.apache.tomcat:tomcat-catalina to version 10.1.39-root.io.8.
- Update io.root.org.apache.tomcat:tomcat-catalina to version 10.1.39-root.io.9.
- Update io.root.org.apache.tomcat:tomcat-catalina to version 10.1.39-root.io.10.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Root:Maven | – | io.root.org.apache.tomcat:tomcat-catalina | < 10.1.13-root.io.9, < 10.1.39-root.io.6, < 10.1.39-root.io.8, < 10.1.39-root.io.9, < 10.1.39-root.io.10. Fix: upgrade to 10.1.13-root.io.9 |
Original title
CVE-2025-31651 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root
Original description
Root has patched CVE-2025-31651 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available.
Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 7 Apr 2026