CVE-2025-55752 Vulnerability for AutoSys


Article ID: 421501


Products

Autosys Workload Automation

Issue/Introduction

CVE-2025-55752 was identified in a vulnerability scan of the AutoSys Tomcat webserver.

Affected versions: Apache Tomcat 9.0.0.M11 to 9.0.108

The environment details are below:

[autosys@server webserver]$ autoflags -a
0233 LINUX ORA 12.1 01.03 b08cef40 


[autosys@server bin]$ ./version.sh
Using CATALINA_BASE:   /opt/autosys/webserver
Using CATALINA_HOME:   /opt/autosys/webserver
Using CATALINA_TMPDIR: /opt/autosys/webserver/temp
Using JRE_HOME:        /opt/autosys/JRE_WA
Using CLASSPATH:       /opt/autosys/webserver/bin/bootstrap.jar:/opt/autosys/webserver/bin/tomcat-juli.jar
Using CATALINA_OPTS:
Server version: Apache Tomcat/9.0.108
Server built:   Jul 31 2025 18:19:48 UTC
Server number:  9.0.108.0
OS Name:        Linux
OS Version:     4.18.0-553.77.1.el8_10.x86_64
Architecture:   amd64
JVM Version:    1.8.0_372-b07
JVM Vendor:     Temurin

Resolution

Per the NVD detail description for vulnerability CVE-2025-55752, upgrading the Tomcat webserver resolves the vulnerability.

When upgrading Tomcat, you can upgrade to any minor release within the major release, subject to the compatibility listed in the product documentation for the version of AutoSys in use.

For example, in this particular use case, 9.0.108 is the version currently in use and is flagged as vulnerable. The NVD details state to upgrade Tomcat to at least 9.0.109.

Upgrading to the most current release will resolve this vulnerability and may also resolve any additional vulnerabilities reported between 9.0.108 and the most current release.

Visit the Apache Tomcat® download site to download the latest Tomcat version.

Follow the documented steps to upgrade the Tomcat version for AutoSys in the AutoSys documentation.
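
To confirm the result before and after the upgrade, the version reported by version.sh can be checked against the affected range given above (9.0.0.M11 to 9.0.108). The following script is an added example, not part of the original article or of AutoSys; the function names are hypothetical, and the sample input is copied from the version.sh output shown earlier.

```shell
#!/bin/sh
# Added example: classify a Tomcat version against the 9.0.x range this
# article gives for CVE-2025-55752 (9.0.0.M11 to 9.0.108).

# Read version.sh output on stdin and print the Tomcat version,
# e.g. "Server version: Apache Tomcat/9.0.108" -> "9.0.108".
tomcat_version_from_output() {
    sed -n 's|^Server version:[[:space:]]*Apache Tomcat/\([^[:space:]]*\).*|\1|p' | head -n 1
}

# Return 0 if affected, 1 if not affected, 2 if the version is not a
# 9.0.x release and so is outside the range this article states.
is_affected_9x() {
    v=$1
    case $v in
        9.0.0.M*)                       # milestone builds precede 9.0.1
            n=${v#9.0.0.M}
            case $n in ''|*[!0-9]*) return 2 ;; esac
            [ "$n" -ge 11 ] && return 0
            return 1 ;;
        9.0.*)
            n=${v#9.0.}
            n=${n%%[.-]*}               # tolerate "9.0.108.0" style numbers
            case $n in ''|*[!0-9]*) return 2 ;; esac
            [ "$n" -ge 1 ] && [ "$n" -le 108 ] && return 0
            return 1 ;;
        *) return 2 ;;
    esac
}

# Sample lines taken from the version.sh output in this article.
sample='Using CATALINA_OPTS:
Server version: Apache Tomcat/9.0.108
Server number:  9.0.108.0'

ver=$(printf '%s\n' "$sample" | tomcat_version_from_output)
rc=0
is_affected_9x "$ver" || rc=$?
case $rc in
    0) echo "$ver: affected, upgrade to at least 9.0.109" ;;
    1) echo "$ver: outside the affected 9.0.x range" ;;
    *) echo "$ver: not a 9.0.x version, check the NVD entry for this branch" ;;
esac
```

On a live server, pipe the real output into the parser instead of the sample, for example ./version.sh | tomcat_version_from_output from the webserver bin directory.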