Apache Tomcat Untrusted Search Path Vulnerability in Windows Installer Allowing Side-loading

Vulnerability

A side-loading vulnerability has been identified in the Apache Tomcat installer for Windows. The installer invokes icacls.exe by name only, without its full path, so Windows resolves the executable through the process search path rather than from a fixed, trusted location; this is an untrusted search path vulnerability. Affected versions are Apache Tomcat 11.0.0-M1 through 11.0.7, 10.1.0 through 10.1.41, and 9.0.23 through 9.0.105.

Impact

Exploitation of this vulnerability could lead to unauthorized side-loading of libraries, potentially allowing execution of malicious code in the context of the installer.

Remediation

Users are advised to upgrade to Apache Tomcat 11.0.8, 10.1.42, or 9.0.106.
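To turn the affected ranges and fixed releases above into an automated check, here is an added example (not code from the Apache Tomcat project or from this advisory's source) that parses an installed Tomcat version string, including milestone builds such as 11.0.0-M1, and reports which fixed release to upgrade to. The version strings are the ones stated in this advisory; the parsing rules for milestone ordering are an assumption of this example.

```python
import re
from typing import Optional, Tuple

# Affected ranges and fixed releases exactly as stated in the advisory:
# (first affected, last affected, release that fixes it)
AFFECTED_RANGES = [
    ("11.0.0-M1", "11.0.7", "11.0.8"),
    ("10.1.0", "10.1.41", "10.1.42"),
    ("9.0.23", "9.0.105", "9.0.106"),
]

# Tomcat version strings look like "major.minor.patch" with an optional
# "-Mn" milestone suffix (e.g. "11.0.0-M1"). Assumption of this example:
# a milestone build sorts before the final release carrying the same number.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int, int]:
    """Convert a Tomcat version string into a tuple that sorts correctly.

    The 4th element is 0 for milestone builds and 1 for final releases, so
    (11, 0, 0, 0, 1) == "11.0.0-M1" sorts before (11, 0, 0, 1, 0) == "11.0.0".
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised Tomcat version string: {text!r}")
    major, minor, patch, milestone = match.groups()
    is_final = 0 if milestone else 1
    return (int(major), int(minor), int(patch), is_final, int(milestone or 0))


def fixed_release_for(installed: str) -> Optional[str]:
    """Return the release to upgrade to if `installed` falls inside an
    affected range, or None if the installed version is not listed as affected."""
    version = parse_version(installed)
    for first, last, fixed in AFFECTED_RANGES:
        if parse_version(first) <= version <= parse_version(last):
            return fixed
    return None


if __name__ == "__main__":
    # Constructed sample inputs, one per branch plus two unaffected versions.
    for sample in ["11.0.0-M5", "10.1.41", "9.0.105", "9.0.106", "8.5.100"]:
        fix = fixed_release_for(sample)
        print(f"{sample}: {'upgrade to ' + fix if fix else 'not in an affected range'}")
```

Only the Windows installer is affected, so a match here means the version is in the advisory's affected range; whether the installation was done with the Windows installer still has to be confirmed separately.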

Added: Jun 16, 2025, 3:22 PM
Updated: Jun 16, 2025, 3:22 PM

Vulnerability Rating

Custom Algorithm

spread: 8.8
impact: 10.0
exploitability: 3.6
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.