A security scan identified the following files from Foglight Evolve for Apache POI < 5.4.0 Improper Input Validation Vulnerability (CVE-2025-31672).
[FMS_HOME]/state/cartridge.exploded/Cloud-Migration-7_3_0_1/CloudMigration.jar-/poi-ooxml-4.1.2.jar
[FMS_HOME]/state/cartridge.exploded/Cloud-Migration-7_3_0_1/CloudMigration.jar-/poi-4.1.2.jar
[FMS_HOME]/state/cartridge.exploded/Capacity-Director-Lite-7_3_0_1/Capacity.jar-1_0_0/poi-ooxml-3.17.jar
[FMS_HOME]/state/cartridge.exploded/Capacity-Director-Lite-7_3_0_1/Capacity.jar-1_0_0/poi-3.17.jar
[FMS_HOME]/state/cartridge.exploded/Capacity-Director-7_3_0_1/Capacity.jar-1_0_0/poi-ooxml-3.17.jar
[FMS_HOME]/state/cartridge.exploded/Capacity-Director-7_3_0_1/Capacity.jar-1_0_0/poi-3.17.jar
The flagged libraries are versions 3.17 and 4.1.2; the report requests an upgrade to Apache POI 5.4.0 or later.
CVE-2025-31672
https://nvd.nist.gov/vuln/detail/CVE-2025-31672
Foglight Evolve only generates Office documents; it is export only and does not does not parse or handle incoming Office files so it is not vulnerable to CVE-2025-31672.
