Installation & Licensing Center
ERROR - Tomcat Vulnerability CVE-2025-24813 detected in Ansys License Manager
Authored by Aaron Schedlin
April 2nd, 2025
63 views
0 likes
KB3197142
ERROR
Windows Defender or other software has detected an unchecked error condition vulnerability in Apache Tomcat.
Software & Version
License Manager 2025R1
*This example was taken from this version but is not necessarily limited to this version.
Description/Cause
Designated CVE-2025-24813, the vulnerability lies in the way the server platform processes PUT requests. A specially crafted data stream could trigger an error in the processing of data deserialization. It is unknown at this time if Ansys License Manager is impacted.
*The cause(s)/solution(s) we identified in this documented instance may not be the only cause(s)/solution(s) for this error.
Solution
Solution 1 - Manually upgrade Tomcat
You can manually upgrade Tomcat to version 10.1.35, however at the time of writing this article, it is not supported by Ansys. This solution should work, but all functionality within the browser GUI has not been tested.
Solution 2 - Delete the Tomcat Folder
Navigate to C:\Program Files\ANSYS Inc\Shared Files\licensing\tools and delete the Tomcat folder. You will not be able to launch License Manager through the browser GUI, but you can start and stop the License Manager from Windows Services.
Solution 3 (Recommended) Stop the Tomcat Service
Stop the Tomcat service in Windows Services. It only needs to run when you launch the License Manager GUI. Start the service when you need to manage licensing within the License Manager and stop the service once complete.
Upgrade expected in version 2025R2
Version 2025R2 will come with Tomcat version 10.1.35