PAM / vulnerability in Tomcat announced CVE-2025-24813


Article ID: 393531


Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

According to the available information, the affected versions are:

- Apache Tomcat 11.0.0-M1 through 11.0.2

- Apache Tomcat 10.1.0-M1 through 10.1.34

- Apache Tomcat 9.0.0.M1 through 9.0.98

Cause

PAM uses Tomcat 9.0.83. We need to know whether PAM is affected by this vulnerability.

Resolution

This does not impact Tomcat installed on PAM appliances. A precondition for exploiting this vulnerability is that the default servlet is write-enabled. In the default configuration, the default servlet is write-disabled.
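The two conditions above (version in an affected range, default servlet write-enabled) can be checked on any Tomcat instance whose `web.xml` is readable. The following is an added example, not code from this article or from the PAM product. It assumes Tomcat's standard `readonly` init-param and `org.apache.catalina.servlets.DefaultServlet` class name, which the article does not name, and it runs on constructed sample XML.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges as listed in this article (milestone builds share patch level 0).
AFFECTED = [((11, 0, 0), (11, 0, 2)), ((10, 1, 0), (10, 1, 34)), ((9, 0, 0), (9, 0, 98))]
DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"  # assumed, not in the article

def version_in_affected_range(version):
    """True if a version string such as '9.0.83' or '9.0.0.M1' is in a listed range."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    v = tuple(int(x) for x in m.groups())
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def _local(tag):
    # Strip any XML namespace so the check works with or without xmlns on <web-app>.
    return tag.rsplit("}", 1)[-1]

def _child_text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def write_enabled_default_servlets(web_xml_text):
    """Return servlet-names of DefaultServlet entries whose readonly value is not 'true'."""
    found = []
    for servlet in ET.fromstring(web_xml_text).iter():
        if _local(servlet.tag) != "servlet" or _child_text(servlet, "servlet-class") != DEFAULT_SERVLET:
            continue
        readonly = "true"  # write-disabled when the parameter is absent
        for p in servlet:
            if _local(p.tag) == "init-param" and _child_text(p, "param-name") == "readonly":
                readonly = (_child_text(p, "param-value") or "").lower()
        if readonly != "true":  # conservative: flag any explicit non-true value
            found.append(_child_text(servlet, "servlet-name"))
    return found

# Constructed sample inputs (not taken from a PAM appliance).
STOCK = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><servlet>
  <servlet-name>default</servlet-name><servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
  <init-param><param-name>listings</param-name><param-value>false</param-value></init-param>
</servlet></web-app>"""
WRITABLE = STOCK.replace("listings", "readonly")  # now sets readonly=false

if __name__ == "__main__":
    for label, xml in (("stock", STOCK), ("writable", WRITABLE)):
        print(label, version_in_affected_range("9.0.83"), write_enabled_default_servlets(xml))
```

An empty list for an in-range version matches the situation this article describes for PAM: the version is listed as affected, but the write-enabled precondition is not met.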