Apache Tomcat Vulnerability Actively Exploited to Carry out Remote Code Execution

Pulse ID: 67ea98de56c6392506302862
Pulse Link: https://otx.alienvault.com/pulse/67ea98de56c6392506302862
Pulse Author: cryptocti
Created: 2025-03-31 13:30:06

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Apache Tomcat: CVE-2025-24813: Active Exploitation

A critical path equivalence vulnerability in Apache Tomcat, CVE-2025-24813, allows unauthenticated attackers to execute arbitrary code on vulnerable servers under specific conditions. The vulnerability affects Tomcat versions 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, 9.0.0.M1 to 9.0.98, and certain 8.5.x versions. Exploitation requires specific server configurations and involves sending malicious PUT and GET requests. Six malicious IP addresses have been identified attempting to exploit this vulnerability, targeting systems in the US, Japan, Mexico, South Korea, and Australia. Multiple proof-of-concept exploits have been published, increasing the likelihood of ongoing exploitation attempts. Users are advised to upgrade to patched versions or implement network-level controls to restrict access to the Tomcat server.

Pulse ID: 67e6c6b6dd57e4c62a1a8d1f
Pulse Link: https://otx.alienvault.com/pulse/67e6c6b6dd57e4c62a1a8d1f
Pulse Author: AlienVault
Created: 2025-03-28 15:56:38

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Descubra o Poder do Tomcat: 5 Razões para Usar!

Pensando em otimizar seu servidor web? O Tomcat é a escolha perfeita! Com sua leveza e flexibilidade, ele se destaca no mundo do open source. Confira 5 motivos para adotar o Tomcat e leve sua infraestrutura de TI a um novo patamar. Vamos inovar juntos?

Leia mais no blog: https://nova.escolalinux.com.br/blog/tomcat-5-motivos-para-voce-comecar-a-usar?utm_source=dlvr.it&utm_medium=mastodon

(recordedfuture.com) Apache Tomcat: Critical Path Equivalence Vulnerability (CVE-2025-24813) NOT (yet) under active exploitation

https://www.recordedfuture.com/blog/apache-tomcat-cve-2025-24813-vulnerability-analysis

Insikt Group notes specifically that this vulnerability has not yet been observed as being actively exploited in the wild.

Summary:
This article details CVE-2025-24813, a critical path equivalence vulnerability in Apache Tomcat that allows unauthenticated remote code execution under specific conditions. The vulnerability affects multiple Tomcat versions (11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, 9.0.0-M1 to 9.0.98, and most 8.5.x versions). Greynoise has identified six malicious IP addresses attempting to exploit this vulnerability, targeting systems in the US, Japan, Mexico, South Korea, and Australia. Multiple proof-of-concept exploits have been published, increasing the risk of exploitation. Organizations are advised to upgrade to patched versions (11.0.3, 10.1.35, or 9.0.99) or implement network-level controls if immediate patching isn't possible.

JBoss/WildFly ou Apache Tomcat: Qual Escolher?

Está em dúvida entre esses dois servidores? Ambos têm suas vantagens, mas qual é o ideal para seu projeto? Entenda as diferenças e descubra qual atenderá melhor às suas necessidades!

Leia no blog: https://nova.escolalinux.com.br/blog/jboss-wildfly-ou-apache-tomcat-qual-devo-escolher?utm_source=dlvr.it&utm_medium=mastodon

Hugo being a little cutie
#fosterarmy #hugo #handsome #hunk #cat #tabbycat #tomcat #specialneedscat #adoptme

(horizon3.ai) What to know about recent Github Actions and Apache Tomcat vulnerabilities—before you investigate https://www.horizon3.ai/attack-research/attack-blogs/critical-or-clickbait-github-actions-and-apache-tomcat-rce-vulnerabilities-2025/

The article from Horizon3 analyzes two recent high-profile vulnerabilities: CVE-2025-30066 affecting GitHub Actions (tj-actions/changed-files) and CVE-2025-24813 affecting Apache Tomcat. Despite widespread publicity, Horizon3.ai's Attack Team found that actual exploitation risk is significantly lower than reported. For the GitHub Actions vulnerability, only one repository among 1,200 examined was exposed, with no evidence of data exfiltration. For Apache Tomcat, analysis of over 10,000 endpoints revealed no vulnerable configurations in production environments. The article emphasizes the importance of prioritizing security responses based on actual risk rather than media hype.

¿Pero Apache #Tomcat aun se utiliza? pregunta seria, y mis más profundas condolencias a los SysOps que tienen que mantener stacks de #Java

Ich weiß.. böses YouTube, aber das muss ich mal kurz teilen.

https://youtube.com/shorts/tQoC7XyLaH4

Critical #RCE flaw in #Apache #Tomcat actively exploited in attacks

https://www.bleepingcomputer.com/news/security/critical-rce-flaw-in-apache-tomcat-actively-exploited-in-attacks/

2025, et je découvre encore des dingueries sur Tomcat ... (d'un autre côté, je n'ai jamais été gros utilisateur) https://peterobrien.blog/2020/12/16/tomcat-override-that-web-xml/ #tomcat #configuration #web #astuce

"Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure"

https://thehackernews.com/2025/03/apache-tomcat-vulnerability-comes-under.html

Apache Tomcat : cette faille activement exploitée seulement 30 heures après sa divulgation ! Patchez ! https://www.it-connect.fr/apache-tomcat-cette-faille-activement-exploitee-seulement-30-heures-apres-sa-divulgation-patchez/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Tomcat

Descubra o Poder do Tomcat: 5 Razões para Usar!

Pensando em otimizar seu servidor web? O Tomcat é a escolha perfeita! Com sua leveza e flexibilidade, ele se destaca no mundo do open source. Confira 5 motivos para adotar o Tomcat e leve sua infraestrutura de TI a um novo patamar. Vamos inovar juntos?

Leia mais no blog: https://nova.escolalinux.com.br/blog/tomcat-5-motivos-para-voce-comecar-a-usar?utm_source=dlvr.it&utm_medium=mastodon

Security researchers reveal active exploitation against #Apache #Tomcat vulnerability

The vulnerability is tracked as CVE-2025-24813, and when exploited, allows an attacker to remotely execute code

Administrators are advised to patch ASAP

#cybersecurity #threatintel

https://www.bleepingcomputer.com/news/security/critical-rce-flaw-in-apache-tomcat-actively-exploited-in-attacks/

#Tomcat: Apache Tomcat Vulnerability CVE-2025-24813 Actively Exploited Just 30 Hours After Public Disclosure!
Successful exploitation could permit attackers to view sensitive files, inject arbitrary content or even achieve Remote Code Execution(#RCE):

https://thehackernews.com/2025/03/apache-tomcat-vulnerability-comes-under.html

If you use #tomcat you might want to read this:

#webserver #CyberSecurity #j2ee
#apachetomcat

https://www.bleepingcomputer.com/news/security/critical-rce-flaw-in-apache-tomcat-actively-exploited-in-attacks/

One PUT Request to Own #Apache #Tomcat CVE-2025-24813 #RCE is in the Wild https://lab.wallarm.com/one-put-request-to-own-tomcat-cve-2025-24813-rce-is-in-the-wild/

Threat actors rapidly exploit new #Apache #Tomcat flaw following PoC release
https://securityaffairs.com/175522/security/threat-actors-rapidly-exploit-new-apache-tomcat-flaw-following-poc-release.html
#securityaffairs #hacking