Patch 2024.2.9 / CVEs CVE-2025-53506 & CVE-2025-52520
Two separate vulnerabilities, CVE-2025-53506 and CVE-2025-52520, have been disclosed that affect the Tomcat Web Application Server.
A version of Tomcat is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options. We are now releasing an updated version 2024.2.9 of Data Management Center that includes a patched version of Apache Tomcat.
Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that installation should be patched as well.
Dependency Upgrades
- Upgrade to Spring Boot 3.4.8 including embedded Tomcat 10.1.43 to avoid potential issues with CVE-2025-53506 and CVE-2025-52520
(since 2024.2.8)
Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.9