Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure

Summary: A critical security flaw (CVE-2025-24813) affecting Apache Tomcat has been actively exploited in the wild following its public disclosure. The vulnerability could allow remote code execution or information disclosure under specific conditions, leading to significant security risks for affected users. Users are strongly advised to upgrade to the patched versions immediately to prevent exploitation.

Affected: Apache Tomcat (versions 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, 9.0.0-M1 to 9.0.98)

Key points:

  • The vulnerability allows remote code execution or information disclosure if certain conditions are met.
  • Successful exploitation can occur through the use of serialized Java session files via partial PUT requests.
  • Apache Tomcat versions 9.0.99, 10.1.35, and 11.0.3 have fixed the vulnerability; users are urged to upgrade immediately.
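
A quick triage helper for the version ranges listed above, added here as an example and not part of the article or the Tomcat project. It assumes the version string comes from Tomcat's own banner (for example the `Apache Tomcat/9.0.98` line printed by `version.sh`) and treats milestone builds (`x.y.z-Mn`) as preceding the final `x.y.z` release, which is how Tomcat numbers them.

```python
import re
from typing import Optional, Tuple

# First fixed release per branch, taken from the advisory text above.
# Every release in the same branch that sorts below it is affected.
FIXED_VERSIONS = {
    (9, 0): "9.0.99",
    (10, 1): "10.1.35",
    (11, 0): "11.0.3",
}

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")
BANNER_RE = re.compile(r"Apache Tomcat/(\S+)")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Turn '10.1.0-M1' or '9.0.98' into a sortable tuple.

    A milestone x.y.z-Mn sorts as (x, y, z, n); a final release gets a very
    large fourth component so it lands after every milestone of the same x.y.z.
    """
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version string: {version!r}")
    major, minor, patch, milestone = m.groups()
    ms = int(milestone) if milestone is not None else 10**6
    return (int(major), int(minor), int(patch), ms)


def version_from_banner(banner: str) -> str:
    """Extract the version from a 'Server version: Apache Tomcat/9.0.98' line."""
    m = BANNER_RE.search(banner)
    if not m:
        raise ValueError(f"no Tomcat version found in banner: {banner!r}")
    return m.group(1)


def is_affected(version: str) -> Optional[bool]:
    """True if affected by CVE-2025-24813, False if at/after the fixed release,
    None when the branch is not covered by the advisory (e.g. 8.5.x)."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get((v[0], v[1]))
    if fixed is None:
        return None
    return v < parse_version(fixed)


if __name__ == "__main__":
    # Constructed sample banner, as version.sh would print it.
    sample = "Server version: Apache Tomcat/9.0.98"
    print(sample, "->", "AFFECTED" if is_affected(version_from_banner(sample)) else "ok")
```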

Source: https://thehackernews.com/2025/03/apache-tomcat-vulnerability-comes-under.html