Patch 2025.1.1 / CVEs CVE-2025-53506 & CVE-2025-52550

30. Juli 2025

Two separate vulnerabilities CVE-2025-53506 and CVE-2025-52520 have been disclosed, affecting the Tomcat Web Application Server.

A version of Tomcat is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options. We are now releasing an updated version 2025.1.1 of Data Management Center that includes a patched version of Apache Tomcat.

Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that installation should be patched as well.

Dependecy Upgrades

Upgrade to Spring Boot 3.4.8 including embedded Tomcat 10.1.43 to avoid potential issues with CVE-2025-53506 and CVE-2025-52520

(since 2025.1.0)

Container Image: infomotiondmc.azurecr.io/dmc@sha256:582f38135d34b032f7d928791c4db8b6532e3fbe8190a1c2e8b8bb85fd7b8756 WAR File : https://dmcwiki.blob.core.windows.net/dmc-releases/2025.1.1/dmc.war (sha256: 4925e519a125eb9b615ee12d75f8ebf1008c46109504738758204946b08c5d31)

Dependecy Upgrades​

Dependecy Upgrades