Suite (eCounsel, Secretariat) - Apache Tomcat Zero Day

Updated:  March 20, 2025 - 10:10 AM CDT 

Mitratech has been made aware of CVE-2025-24813, which affects the Tomcat servers used with Suite (eCounsel or Secretariat) and Business Objects.

If you meet any of these conditions, you are NOT vulnerable:

  • Hosted by Mitratech. To block the vulnerability, we implemented an infrastructure change.

  • Self-hosted using Weblogic or Websphere

  • Using Tomcat version 9.0.99 or later

  • Suite (eCounsel or Secretariat) is not yet compatible with Versions 10 and 11 of Tomcat. 

If you are a self-hosted client using Tomcat 9.x+, then by default you are not vulnerable to this issue, UNLESS certain customizations have been made on your Tomcat server, in which case the vulnerability may exist.

 

To confirm whether you are affected by CVE-2025-24813, please have someone from your Tomcat deployment team check the settings below for each instance of both Business Objects and Suite:

Navigate to your Tomcat deployment and find a file in the "conf" folder named "web.xml". Please check all “web.xml” files for the settings below.

  1. Open web.xml and search for "<servlet-name>default</servlet-name>".

  2. Ensure that it does NOT contain an "init-param" for "readonly" set to “false”.

      <init-param>
        <param-name>readonly</param-name>
        <param-value>false</param-value>
      </init-param>

      To mitigate this issue, the param-value should be set to true.

  3. If it contains this string, please contact someone on your infrastructure team to better understand why that setting needs to be enabled.

  4. The mitigation to this issue is to remove the "<init-param>" tags for "readonly" or set the value to "true". This will disable the exploit.

 

Apache provides the official fix for this issue in Tomcat v9.0.99+, which Suite is compatible with. It is recommended that you upgrade to Tomcat 9.0.99 to receive that fix.

References:

https://www.petefreitag.com/blog/tom...rites-enabled/

https://nvd.nist.gov/vuln/detail/CVE-2025-24813

 

This information is subject to change as the situation evolves.  We will make updates to this page as needed.
