Apache Tomcat Server is affected by a vulnerability(CVE-2025-24813) in Sonar 9.9 LTA

saravanan_csk · April 28, 2025, 1:41am

Must-share information (formatted with Markdown):

which versions are you using (SonarQube Server Community Edition - 9.9 LTA)
how is SonarQube deployed: ZIP
what are you trying to achieve: Trying to resolve the Vulnerability issue found in the scanning.
what have you tried so far to achieve this

**Do not share screenshots of logs –

The version(9.0.85) of Tomcat installed on the remote host is prior to 9.0.99. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.99_security-9 advisory.

Please share the solution or if there is any Latest SonarQube version has the solution to solve this Vulnerability.

Colin · April 29, 2025, 9:19am

Hi,

I’ve unlisted your topic since you’re reporting a vulnerability. Our responsible disclosure policy asks that you email security@sonarsource.com rather than making public posts. Could you please re-send this to security@sonarsource.com?

Topic		Replies	Views
How do we update default Tomcat SonarQube Server / Community Build	5	735	April 19, 2024
Sonarqube 9.7 has tomcat 9.0.62 embedded, but CVE-2022-29885 affects tomcat 9.0.62 SonarQube Server / Community Build cve	2	877	November 7, 2022
Need to know about the Tomcat version for Sonarqube 9.9.4 SonarQube Server / Community Build	1	221	April 25, 2024
Tomcat vulnerability SonarQube Server / Community Build security	12	1513	November 18, 2020
Is there "official" sonarqube documentation that states version 9.9 is NOT impacted by CVE-2022-4288 SonarQube Server / Community Build	5	909	May 24, 2023

Apache Tomcat Server is affected by a vulnerability(CVE-2025-24813) in Sonar 9.9 LTA

Related topics