Vulnerability impact of CVE-2025-41242 on Symantec Data Center Security Server Advanced

Article ID: 411276

Products

Data Center Security Server Advanced, Data Center Security Server

Issue/Introduction

Vulnerability impact of CVE-2025-41242 on Symantec Data Center Security (DCS) and Symantec Data Center Security Server Advanced (DCSSA)

Environment

DCSSA versions: 6.9.2, 6.9.3

Resolution

  • CVE-2025-41242: Both DCS 6.9.3 and 6.9.2 servers are NOT vulnerable.
  • This vulnerability is a path traversal issue affecting Spring Framework MVC applications deployed on non-compliant servlet containers.
  • DCS 6.9.3 and 6.9.2 servers run on Apache Tomcat 9.0.x and use its default, standard servlet container with its security measures enabled. URI path canonicalization, a security feature enabled by default, blocks malicious requests before they reach the application. Therefore, neither DCS 6.9.3 nor 6.9.2 servers are susceptible to this vulnerability.
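
A simplified model of the behavior described above, added here as an illustration and not taken from DCS, Tomcat or Spring code: the request path is canonicalized at the front of the pipeline, and a path that fails the check is answered with an error before any application handler runs. The function names, the `/static` sample paths and the strict rejection policy are assumptions made for this example.

```python
from urllib.parse import unquote


class RejectedPath(ValueError):
    """The request path must not be dispatched to the application."""


def canonicalize(raw_path):
    """Return the canonical request path, or raise RejectedPath.

    Simplified model (assumption): strip path parameters, percent-decode
    each segment once, then resolve "." and ".." against the root.
    """
    if not raw_path.startswith("/"):
        raise RejectedPath("not an absolute path")
    stack = []
    for raw_seg in raw_path.split("/")[1:]:
        # Path parameters (";name=value") are not part of the path itself.
        try:
            seg = unquote(raw_seg.split(";", 1)[0], errors="strict")
        except UnicodeDecodeError:
            raise RejectedPath("invalid percent-encoding")
        # A decoded segment must not contain a separator or NUL, and must
        # not still decode to something else (double encoding).
        if any(c in seg for c in "/\\\x00") or unquote(seg) != seg:
            raise RejectedPath("suspicious encoded sequence")
        if seg == "..":
            if not stack:
                raise RejectedPath("path escapes the root")
            stack.pop()
        elif seg not in ("", "."):
            stack.append(seg)
    return "/" + "/".join(stack)


def dispatch(raw_path, handler):
    """Call the application handler only with a canonical path."""
    try:
        path = canonicalize(raw_path)
    except RejectedPath as exc:
        return 400, str(exc)      # blocked before the application sees it
    return 200, handler(path)


if __name__ == "__main__":
    # Constructed sample requests, not taken from a real server log.
    for p in ["/static/css/../app.js", "/static/%2e%2e/%2e%2e/secret.txt"]:
        print(p, "->", dispatch(p, lambda path: "served " + path))
```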