Security Announcement on CVE-2025-24813

​​We will update this announcement with new details as they emerge from our analysis. Please check back periodically.

Last update: 01 April 2025, 13:30 CET

CVE-2025-24813 is an Apache Tomcat vulnerability that does not affect OPTIMAL SYSTEMS products.

As the default values in our Tomcat configurations have not been changed and the write permissions for the standard servlet are not activated, which is a prerequisite for exploitation, this vulnerability cannot be exploited in any of our software components.

For this reason, the Tomcat versions are updated as part of our standard security patch cycles with normal priority.

Further official information on this can be found at the National Institute of Standards and Technology.