Tomcat Vulnerabilities - Impact with Clarity

Article ID: 405556

Products

Clarity FedRAMP, Clarity PPM On Premise, Clarity PPM SaaS

Issue/Introduction

The latest scan reported the vulnerabilities listed below against Clarity.

Environment

Clarity 16.3.1, 16.3.2

Resolution

The reported vulnerabilities are not conclusive, and an NVD assessment has not yet been provided.

  • CVE-2025-48976 - Clarity uses apache.commons.fileupload. The current version is 1.5.
  • CVE-2025-49125 - Clarity supports Tomcat 9.0.98 with 16.3.2. Upgrading to 9.0.106 should be OK, as higher patch levels are supported.
  • CVE-2025-49124 - Clarity supports Tomcat 9.0.98 with 16.3.2. Upgrading to 9.0.106 should be OK, as higher patch levels are supported.
  • CVE-2025-48988 - Clarity supports Tomcat 9.0.98 with 16.3.2. Upgrading to 9.0.106 should be OK, as higher patch levels are supported.

However, Tomcat can still be upgraded to the mitigated version of Tomcat mentioned in the above CVEs.

  • Steps to upgrade Tomcat with Clarity
    • Stop and remove all the Clarity services
    • Download Tomcat from the Apache website
    • Extract the downloaded Tomcat to the servers
    • Edit properties.xml and update the path to the new Tomcat version
    • Redeploy the services and test across the use cases

Note: If certificates are installed, cross-check and update them to ensure they are working.
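
A check to run after extracting the new Tomcat and before redeploying the services, as an added example that is not part of the original article or of Clarity: it reads the output of Tomcat's `bin/version.sh` and compares the reported version numerically with 9.0.106. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a Tomcat install is at or above the patch level
# named in the article (9.0.106) before pointing Clarity at it.
REQUIRED="9.0.106"   # target patch level taken from the article

# Extract "x.y.z" from the "Server number:" line of bin/version.sh output.
server_number() {
    sed -n 's/^Server number:[[:space:]]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Return 0 when dotted version $1 >= $2, comparing each field as a number.
# A plain string comparison would wrongly rank 9.0.98 above 9.0.106.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Read version.sh output on stdin; print PATCHED, OUTDATED or UNKNOWN.
check_tomcat() {
    found=$(server_number)
    if [ -z "$found" ]; then echo "UNKNOWN"; return 2; fi
    if version_ge "$found" "$REQUIRED"; then
        echo "PATCHED $found"
    else
        echo "OUTDATED $found"
        return 1
    fi
}

# Constructed samples of version.sh output for the old and new installs.
sample_old='Server version: Apache Tomcat/9.0.98
Server number:  9.0.98.0'
sample_new='Server version: Apache Tomcat/9.0.106
Server number:  9.0.106.0'

printf '%s\n' "$sample_old" | check_tomcat || true   # OUTDATED 9.0.98
printf '%s\n' "$sample_new" | check_tomcat || true   # PATCHED 9.0.106
```

On a real server, pipe the output of the new install's `bin/version.sh` into `check_tomcat` in place of the samples.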