CVE-2025-49124

{"id": "CVE-2025-49124", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.5}]}, "published": "2025-06-16T15:15:24.707", "references": [{"url": "https://lists.apache.org/thread/lnow7tt2j6hb9kcpkggx32ht6o90vqzv", "tags": ["Mailing List", "Vendor Advisory"], "source": "[email protected]"}, {"url": "http://www.openwall.com/lists/oss-security/2025/06/16/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-426"}]}], "descriptions": [{"lang": "en", "value": "Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0 through 10.1.41, from 9.0.23 through 9.0.105.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100 and 7.0.95 through 7.0.109.\u00a0Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue."}, {"lang": "es", "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en el instalador de Apache Tomcat para Windows. Durante la instalaci\u00f3n, el instalador de Tomcat para Windows utiliz\u00f3 icacls.exe sin especificar una ruta completa. Este problema afecta a Apache Tomcat: de 11.0.0-M1 a 11.0.7, de 10.1.0 a 10.1.41, y de 9.0.23 a 9.0.105. Se recomienda actualizar a las versiones 11.0.8, 10.1.42 o 9.0.106, que solucionan el problema."}], "lastModified": "2025-10-29T12:15:36.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75453702-175A-473F-8F94-5B37BC6AE150", "versionEndExcluding": "9.0.106", "versionStartIncluding": "9.0.23"}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "573ACC55-1E48-4489-A269-12C1A4501DDA", "versionEndExcluding": "10.1.42", "versionStartIncluding": "10.1.0"}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE393E87-D325-4ABB-B49C-5863ECD3DD83", "versionEndExcluding": "11.0.8", "versionStartIncluding": "11.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}