CVE-2025-31650 CVE-2025-31651 on the Apache Tomcat in TAP(Tanzu application platform)
search cancel

CVE-2025-31650 CVE-2025-31651 on the Apache Tomcat in TAP(Tanzu application platform)

book

Article ID: 400919

calendar_today

Updated On:

Products

VMware Tanzu Platform

Issue/Introduction

We can identified a CVE-2025-31650 CVE-2025-31651 on the Apache Tomcat.

Workload created using java-buildpack 9.18.0


Environment

TAP

Cause

java-buildpack 9.18.0 contains versions of Tomcat that are listed as affected by this CVE. Any workload created using this version will be effected.

Resolution

New versions of the Tanzu Java buildpacks have been released with the latest Tomcat versions:

  • 9.0.105. 
  • 10.1.41

The Buildpack versions are:

  • Tanzu Java 10.3.0
  • Tanzu Java Native Image 7.21.0

 

 

Additional Information

Tomcat is not used by the TAP GUI and only workload created using javabuildpack is effected

Powered by Wolken Software