CVE-2025-49124 | Apache Tomcat up to 9.0.105/10.1.41/11.0.7 on Windows Installer icacls.exe untrusted search path

A vulnerability has been found in Apache Tomcat up to 9.0.105/10.1.41/11.0.7 on Windows and classified as critical. This vulnerability affects unknown code of the file icacls.exe of the component Installer. The manipulation leads to untrusted search path.

This vulnerability was named CVE-2025-49124. It is possible to launch the attack on the local host. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More