Summary: Soon after the release of patches for a critical remote code execution vulnerability in Apache Tomcat, exploit code was made public, allowing attackers to hijack servers with a single PUT request. The vulnerability, identified as CVE-2025-24813, affects multiple versions of Apache Tomcat and is being actively exploited because it is simple to execute and requires no authentication.
Affected: Apache Tomcat (versions 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, 9.0.0-M1 to 9.0.98)
Key points:
- Exploit requires only a simple PUT request containing a malicious base64-encoded Java payload.
- Does not require any authentication, making it easy for attackers to execute.
- Apache recommends upgrading to newer Tomcat versions to mitigate the vulnerability.
- Wallarm warns of potential future exploitation tactics, including uploading malicious JSP files and backdoors.
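
To act on the upgrade recommendation, the affected ranges listed above can be checked against an inventory of Tomcat version banners. The following is an added example, not code from Apache or Wallarm; the host names and banner strings are constructed, and the function names are hypothetical.

```python
import re

# Affected ranges exactly as listed in the summary above (inclusive bounds).
AFFECTED = [
    ("11.0.0-M1", "11.0.2"),
    ("10.1.0-M1", "10.1.34"),
    ("9.0.0-M1", "9.0.98"),
]

# Tomcat 9 milestone builds were published as 9.0.0.M1 (dot separator),
# later lines use 10.1.0-M1 (hyphen), so both separators are accepted.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[-.]M(\d+))?")

def parse_version(text):
    """Return a sortable key for the first Tomcat version found in text.

    Milestones (x.y.z-Mn) must sort before the final x.y.z release, so the
    last element is (0, n) for milestones and (1, 0) for final releases.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Tomcat version found in {text!r}")
    major, minor, patch, milestone = m.groups()
    stage = (0, int(milestone)) if milestone else (1, 0)
    return (int(major), int(minor), int(patch), stage)

def is_affected(text):
    """True if the version in text falls inside one of the listed ranges."""
    v = parse_version(text)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED)

def audit(inventory):
    """Map host -> True / False / None (None: banner could not be parsed)."""
    result = {}
    for host, banner in inventory.items():
        try:
            result[host] = is_affected(banner)
        except ValueError:
            result[host] = None
    return result

# Constructed sample inventory (host names and banners are made up).
SAMPLE = {
    "app-01": "Apache Tomcat/9.0.98",
    "app-02": "Apache Tomcat/10.1.0-M1",
    "app-03": "Apache Tomcat/11.0.3",
    "app-04": "Server: unknown",
}

if __name__ == "__main__":
    labels = {True: "AFFECTED", False: "not in listed ranges", None: "unknown"}
    for host, flag in audit(SAMPLE).items():
        print(f"{host}: {labels[flag]}")
```

A `False` result only means the version is outside the ranges listed on this page; hosts reported as `None` need a manual check.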