Apache Tomcat RCE Vulnerability: Is FME Impacted?

Kezia Yu
Kezia Yu
  • Updated

Introduction

Safe Software is aware of the vulnerability known as CVE-2025-24813 impacting Apache Tomcat.  

This article provides an overview of our analysis of this vulnerability and our mitigation advice for users. We will continuously update this article as we have new information to share.

 

Summary Table

Application Version(s) Affected Platform Remediation Workaround
FME Form Not Affected
FME Flow Not Affected

Default installation is not affected as the default servlet in Tomcat is not write-enabled.

Custom installs or configurations of Tomcat should be reviewed by your IT team. 
FME Flow Hosted Not Affected
FME Mobile Applications Not Affected
FME License Server Not Affected

*Per our Product Support Policy, only the current year's release of FME will be assessed for security issues. However, in this specific case, we've extended our review to include older supported versions dating back to FME 2021.

 

FME Platform Applications

FME Form

No versions of FME Form are affected by the vulnerability described as CVE-2025-24813.

 

FME Flow

No versions of FME Flow are affected by the vulnerability described as CVE-2025-24813. Default installation is not affected as the default servlet in Tomcat is not write-enabled. Custom installs or configurations of Tomcat should be reviewed by your IT team.

 

FME Flow Hosted

No versions of FME Flow Hosted are affected by the vulnerability described as CVE-2025-24813.

 

FME AR or Deprecated FME Mobile Applications

No versions of FME AR and FME Mobile are affected by the vulnerability described as CVE-2025-24813.

 

FME License Server

No versions of FME License Server are affected by the vulnerability described as CVE-2025-24813.

 

FAQ

How can I be notified of security updates in the future?

If you would like to be notified of security updates from Safe Software, we encourage you to subscribe to our Security Updates email list by signing up via the form on our Security page.

 

Reporting Security Issues

If you believe you have discovered a vulnerability in the FME Platform, our website, or our other products, please email us as quickly as possible at security at safe dot com.

We greatly appreciate the efforts of security researchers and discoverers who share information on security issues with us, giving us a chance to improve our products and better protect our users. Please note that we do not compensate individuals or organizations for identifying potential or confirmed security vulnerabilities.

 

Support

If you have questions or concerns regarding this advisory, please raise a support request. You can view all of our security notices on our Security Center

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.