Knowledge Article View - Customer Support

Severity: High

Description: SAS^® Studio 3.81, SAS^® Studio 3.82, and SAS^® Studio 3.83 Single-User contain a version of Apache Tomcat affected by the following CVEs:

CVE-2025-48988
CVE-2025-48976
CVE-2025-49125
CVE-2025-49124
CVE-2025-46701

Here are some additional CVEs that are specific to the releases of SAS Studio:

SAS Studio 3.81 and SAS Studio 3.82 Single-User contains the following CVEs:

CVE-2025-52434
CVE-2025-52520
CVE-2025-53506

Only SAS Studio 3.83 Single-User contains the following CVEs:

CVE-2025-31651
CVE-2025-31650
CVE-2025-48989

Potential Impact: Refer to the CVE records for details.

SAS® Studio Single-User contains a version of Apache Tomcat with known security vulnerabilities