Report from security team that some of their VMs have been flagged with CVEs

CVE-2025-55752 - Apache Tomcat 9.0.0.M11 < 9.0.109 multiple vulnerabilities
CVE-2025-55752 Detail
Description
Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded.

CVE-2025-55754 - Apache Tomcat 9.0.40 < 9.0.109 multiple vulnerabilities
CVE-2025-55754 Detail
Description
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages.

To resolve these vulnerabilities upgrade your Ops Manger to version 3.1.6 which contains Apache Tomcat v9.0.112 which is not affected by this CVE.