Security Announcement on CVE-2025-24813

We will update this announcement with new details as they emerge from our analysis. Please check back periodically.

Last update: 01 April 2025, 13:30 CET

CVE-2025-24813 is an Apache Tomcat vulnerability that does not affect OPTIMAL SYSTEMS products.

As the default values in our Tomcat configurations have not been changed and the write permissions for the standard servlet are not activated, which is a prerequisite for exploitation, this vulnerability cannot be exploited in any of our software components.

For this reason, the Tomcat versions are updated as part of our standard security patch cycles with normal priority.

Further official information on this can be found at the National Institute of Standards and Technology.

Navigation

Navigate through the help pages using the table of contents on the left. If it is not displayed when the window width is small, you can temporarily show it via the hamburger menu on the right.

Use the arrows on the toolbar to navigate to the next/previous page.

You can show hidden areas. Use the toolbar to show all hidden areas at once:

Clicking the product icon in the header returns you to the beginning of the current area. Use the toolbar to access the initial page: