Introduction
Safe Software is aware of the vulnerability known as CVE-2025-24813 impacting Apache Tomcat.
This article provides an overview of our analysis of this vulnerability and our mitigation advice for users. We will continuously update this article as we have new information to share.
Summary Table
| Application | Version(s) Affected | Platform | Remediation | Workaround |
|---|---|---|---|---|
| FME Form | Not Affected | |||
| FME Flow |
Not Affected Default installation is not affected as the default servlet in Tomcat is not write-enabled. Custom installs or configurations of Tomcat should be reviewed by your IT team. |
|||
| FME Flow Hosted | Not Affected | |||
| FME Mobile Applications | Not Affected | |||
| FME License Server | Not Affected | |||
*Per our Product Support Policy, only the current year's release of FME will be assessed for security issues. However, in this specific case, we've extended our review to include older supported versions dating back to FME 2021.
FME Platform Applications
FME Form
No versions of FME Form are affected by the vulnerability described as CVE-2025-24813.
FME Flow
No versions of FME Flow are affected by the vulnerability described as CVE-2025-24813. Default installation is not affected as the default servlet in Tomcat is not write-enabled. Custom installs or configurations of Tomcat should be reviewed by your IT team.
FME Flow Hosted
No versions of FME Flow Hosted are affected by the vulnerability described as CVE-2025-24813.
FME AR or Deprecated FME Mobile Applications
No versions of FME AR and FME Mobile are affected by the vulnerability described as CVE-2025-24813.
FME License Server
No versions of FME License Server are affected by the vulnerability described as CVE-2025-24813.
FAQ
How can I be notified of security updates in the future?
If you would like to be notified of security updates from Safe Software, we encourage you to subscribe to our Security Updates email list by signing up via the form on our Security page.
Reporting Security Issues
If you believe you have discovered a vulnerability in the FME Platform, our website, or our other products, please email us as quickly as possible at security at safe dot com.
We greatly appreciate the efforts of security researchers and discoverers who share information on security issues with us, giving us a chance to improve our products and better protect our users. Please note that we do not compensate individuals or organizations for identifying potential or confirmed security vulnerabilities.
Support
If you have questions or concerns regarding this advisory, please raise a support request. You can view all of our security notices on our Security Center.
Comments
0 comments
Please sign in to leave a comment.