CVE-2025-49125 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	Yes
Type	Access restriction bypass
Description	When using PreResources or PostResources mounted other than at the root of the web application, it was possible to access those resources via an unexpected path. That path was likely not to be protected by the same security constraints as the expected path, allowing those security constraints to be bypassed.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2889	tomcat9	9.0.100-1		High	Vulnerable
AVG-2888	tomcat10	10.1.40-1		High	Vulnerable

References
https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.106 https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.42 https://github.com/apache/tomcat/commit/9418e3ff9f1f4c006b4661311ae9376c52d162b9

References

https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.106
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.42
https://github.com/apache/tomcat/commit/9418e3ff9f1f4c006b4661311ae9376c52d162b9