I logged a ticket with Support for this, as I needed an answer quickly. It turns out that we cannot upgrade Tomcat ourselves. However, a new service release is in the works:
Thank you for contacting SolarWinds Technical Support.
My name is <REDACTED> and I will be working on this case with you. It is not possible to update the version of Apache Tomcat running on WHD as it is an integrated service on WHD. If you could wait though, we do have a service release version that is coming soon with an updated version of Apache Tomcat which is version 7.0.77. We don't have an exact ETA on this yet it will be out when its ready.
Please let us know if you should have any additional questions or need further assistance.
Thank you for choosing SolarWinds products.
According to the information I have, Tomcat 7.0.77 is also effected by the same vulnerabilities, so I have, on behalf of all WHD users, asked that the developers consider using 7.7.78 in the next release to ensure WHD is not vulnerable to the issues reported in CVE.
I confirm 7.0.78 works fine with WHD12.5.0 from our testing.