More information regarding vulnerability can be found below:

https://nvd.nist.gov/vuln/detail/CVE-2025-24813

Is Tomcat, which is used by Applications Manager, vulnerable to CVE-2025-24813?

Applications Manager 9.5.x, 9.6.x

Applications Manager is not vulnerable to CVE-2025-24813.

Applications Manager 9.5.x ships Tomcat application along with the product.

Applications Manager 9.6.0 uses embedded Tomcat in the Integrated Web Server.

The first condition for exploitability of the vulnerability is that writes must be enabled for the default servlet. This setting is disabled by default. Hence Applications Manager is not vulnerable.