- 64/2025
- High
Apache has released a security update to address a vulnerability affecting multiple versions of Apache Tomcat.
The addressed vulnerability could allow the remote attacker to obtain sensitive information, manipulate data, or execute arbitrary code and gain access to the affected systems.
Apache Tomcat Code Execution Vulnerability (CVE-2025-24813):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
The affected products:
- Apache Tomcat 11.0.0-M1 to 11.0.2.
- Apache Tomcat 10.1.0-M1 to 10.1.34.
- Apache Tomcat 9.0.0.M1 to 9.0.98.
It should be highlighted that security researchers disclosed a proof-of-concept (PoC) exploit that exists in the wild for vulnerability “CVE-2025-24813”.
Vulnerabilities
CVE-2025-24813
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.