Summary: CERT NZ has issued a security advisory regarding a critical vulnerability, CVE-2025-24813, found in multiple Apache Tomcat versions that could allow remote code execution, information disclosure, and content corruption. Specific configurations increase the risk of exploitation, prompting immediate action for affected users. Upgrading to the latest secure versions of Apache Tomcat is essential to mitigate this vulnerability.
Affected: Apache Tomcat 9.x, 10.x, and 11.x
Keypoints:
- CVE-2025-24813 poses a risk of remote code execution (RCE) and data corruption.
- Vulnerable versions include Apache Tomcat 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, and 9.0.0.M1 to 9.0.98.
- Exploitation requires a non-default configuration: the default servlet must have writes enabled (its readonly init-param set to false; the shipped default is true) and partial PUT support enabled (the default). For the remote code execution path, the application must additionally use Tomcat's file-based session persistence in its default location and include a library vulnerable to deserialization attacks; for information disclosure or content corruption, the attacker must be able to upload into a location that a sensitive application file shares with public uploads.
- To protect systems, users should upgrade to Apache Tomcat versions 11.0.3, 10.1.35, or 9.0.99.
- Where the upgrade cannot be applied immediately, confirm the default servlet is still read-only, review access logs for unexpected PUT requests, and follow Tomcat's configuration hardening guidance.
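The three checks above (affected version, default servlet write settings, PUT activity in the access log) can be scripted. The following is an added example, not code from the advisory, CERT NZ, or the Apache Tomcat project. It parses a conf/web.xml fragment with the standard library, compares a version string against the fixed releases named in the advisory, and scans access-log lines written in Tomcat's default AccessLogValve pattern (%h %l %u %t "%r" %s %b). The web.xml fragments and log lines are constructed for illustration; the function names and the "partial_put_writes_enabled" flag are this example's own.

```python
import re
import xml.etree.ElementTree as ET

# First fixed release on each branch named in the advisory (9.0.99, 10.1.35, 11.0.3).
FIXED_PATCH = {"9.0": 99, "10.1": 35, "11.0": 3}

# Accepts 9.0.98, 10.1.0-M1 and the older 9.0.0.M1 milestone spelling.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")


def is_affected_version(version: str):
    """True if affected, False if fixed, None if the branch is not covered by the advisory."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, _milestone = m.groups()
    branch = f"{major}.{minor}"
    if branch not in FIXED_PATCH:
        return None
    # A milestone such as 10.1.0-M1 precedes the 10.1.0 release, so patch 0 covers it.
    return int(patch) < FIXED_PATCH[branch]


def _local(tag: str) -> str:
    """Drop the XML namespace so the code works for the javaee and jakartaee schemas."""
    return tag.rsplit("}", 1)[-1]


def default_servlet_settings(web_xml: str) -> dict:
    """Read the write-related init-params of the servlet named 'default'.

    Tomcat's shipped defaults are readonly=true (PUT/DELETE rejected) and
    allowPartialPut=true; the dangerous combination is readonly=false with
    partial PUT left enabled.
    """
    root = ET.fromstring(web_xml)
    settings = {"readonly": True, "allowPartialPut": True}
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        name = next((c.text or "" for c in servlet if _local(c.tag) == "servlet-name"), "")
        if name.strip() != "default":
            continue
        for param in servlet:
            if _local(param.tag) != "init-param":
                continue
            pname = pvalue = ""
            for c in param:
                if _local(c.tag) == "param-name":
                    pname = (c.text or "").strip()
                elif _local(c.tag) == "param-value":
                    pvalue = (c.text or "").strip().lower()
            if pname in settings:
                settings[pname] = pvalue == "true"
    settings["partial_put_writes_enabled"] = (not settings["readonly"]) and settings["allowPartialPut"]
    return settings


# Default AccessLogValve pattern: client, ident, user, [time], "METHOD path proto", status, bytes.
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')


def put_requests(log_lines):
    """Return (client, path, status) for every PUT in the access log.

    Any PUT that reaches the default servlet deserves review on a server
    where readonly=false has been set.
    """
    hits = []
    for line in log_lines:
        m = ACCESS_RE.match(line)
        if m and m.group(2) == "PUT":
            hits.append((m.group(1), m.group(3), int(m.group(4))))
    return hits


# Constructed sample inputs (not real data).
WEAK_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>"""

DEFAULT_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>"""

SAMPLE_LOG = [
    '10.0.0.5 - - [10/Mar/2025:12:00:01 +0000] "PUT /uploads/note.txt HTTP/1.1" 201 -',
    '10.0.0.5 - - [10/Mar/2025:12:00:02 +0000] "GET /index.jsp HTTP/1.1" 200 1543',
]

if __name__ == "__main__":
    print("9.0.98 affected:", is_affected_version("9.0.98"))
    print("weak web.xml:", default_servlet_settings(WEAK_WEB_XML))
    print("PUT requests:", put_requests(SAMPLE_LOG))
```

The log check only sees the request line because the default pattern does not record headers; to distinguish partial from full PUTs, add %{Content-Range}i to the AccessLogValve pattern and extend the regular expression accordingly. The version check deliberately returns None for branches the advisory does not list rather than guessing.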
Source: https://thecyberexpress.com/advisory-for-apache-tomcat-vulnerability/