CVE-2025-24813: Apache Tomcat Critical RCE Vulnerability Exploited
A critical remote code execution (RCE) vulnerability in Apache Tomcat, tracked as CVE-2025-24813, is being actively exploited in the wild.
The vulnerability, which enables attackers to take control of servers with a simple PUT request, was disclosed last week, and proof-of-concept exploits were published on GitHub merely 30 hours later.
The critical flaw affects multiple versions of Apache Tomcat: 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, and 9.0.0.M1 to 9.0.98. First disclosed by Apache on March 10, 2025, the vulnerability allows attackers to view or inject arbitrary content into security-sensitive files under specific conditions.
Exploitation Mechanism -
Step 1: Uploading Malicious Code
Step 2: Triggering Execution
Mitigations & Countermeasures -
Apache recommends that all users upgrade to Tomcat versions 11.0.3+, 10.1.35+, or 9.0.99+, which contain patches for CVE-2025-24813.
For organizations unable to update immediately, alternative mitigations include:
Reverting to the default servlet configuration (readonly="true")
Turning off partial PUT support
Avoiding storing security-sensitive files in subdirectories of public upload paths
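As an added example (not from the article or the Apache project), a small Python audit that reads a Tomcat conf/web.xml and flags the two DefaultServlet settings the first two mitigations refer to. The parameter name allowPartialPut and the defaults assumed here (readonly and allowPartialPut both default to true) come from Tomcat's DefaultServlet documentation; the web.xml fragment is a constructed sample.

```python
import xml.etree.ElementTree as ET
# Constructed sample conf/web.xml fragment showing the weak DefaultServlet
# configuration the advisory warns about: readonly=false makes PUT writable.
SAMPLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
</web-app>
"""

def _local(tag):
    """Strip the XML namespace so lookups work for any web-app schema version."""
    return tag.rsplit('}', 1)[-1]

def _text(element, child_name):
    """Text of the first direct child with the given local name, or None."""
    for child in element:
        if _local(child.tag) == child_name:
            return (child.text or '').strip()
    return None

def default_servlet_params(web_xml):
    """Init-params of the servlet backed by DefaultServlet, or None if absent."""
    for servlet in ET.fromstring(web_xml):
        if _local(servlet.tag) != 'servlet':
            continue
        if _text(servlet, 'servlet-class') != 'org.apache.catalina.servlets.DefaultServlet':
            continue
        return {_text(p, 'param-name'): (_text(p, 'param-value') or '').lower()
                for p in servlet if _local(p.tag) == 'init-param'}
    return None

def audit_default_servlet(web_xml):
    """Findings for the two mitigations named in the advisory (empty = hardened)."""
    params = default_servlet_params(web_xml)
    if params is None:
        return ['DefaultServlet not declared in this web.xml']
    findings = []
    # Tomcat's documented default for readonly is true, so only an explicit false counts.
    if params.get('readonly', 'true') == 'false':
        findings.append('readonly=false: PUT/DELETE can write under the webapp root')
    # allowPartialPut defaults to true (assumed from Tomcat docs), so absence also counts.
    if params.get('allowPartialPut', 'true') != 'false':
        findings.append('allowPartialPut not set to false: partial PUT is enabled')
    return findings
```

Run it against each deployed conf/web.xml and any per-application WEB-INF/web.xml that redeclares the default servlet; an empty result means both settings match the advisory's recommended state.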