ch0k1 on Nostr:
Apache Tomcat Vulnerability CVE-2025-24813 Exploited to Execute Code on Servers
https://cybersecuritynews.com/apache-tomcat-vulnerability-exploited/
A critical vulnerability in Apache Tomcat has been actively exploited by attackers to achieve remote code execution (RCE) on vulnerable servers.
This vulnerability affects versions 9.0.0-M1 to 9.0.98, 10.1.0-M1 to 10.1.34, and 11.0.0-M1 to 11.0.2 and has been resolved in versions 9.0.99, 10.1.35, and 11.0.3.
The flaw exploits Apache Tomcat’s handling of partial PUT requests and path equivalence, allowing attackers to bypass security constraints and execute arbitrary code without authentication under specific conditions.
originally posted at https://stacker.news/items/934074
Published at 2025-04-04 03:41:19
Event JSON