CVE-2025-41242

Path traversal vulnerability on non-compliant Servlet containers

FALSE POSITIVE

Rundeck and Runbook Automation are not vulnerable to this CVE.

This is a Spring vulnerability, but the CVE article says "deployed on Apache Tomcat or Eclipse Jetty are not vulnerable, as long as default security features are not disabled in the configuration." The Rundeck product does not disable disable the default security features.