A significant security flaw in Apache Tomcat, tracked as CVE-2025-24813, can lead to remote code execution and information disclosure. It affects multiple Tomcat release branches, and exploitation was observed within hours of a public proof of concept being published. Exploitation depends on specific conditions, including a default servlet with writes enabled (it is read-only by default) and support for partial PUT requests (enabled by default); together these let an attacker read or tamper with sensitive files. The issue is fixed in the latest releases, but exploitation attempts are already underway, with attackers leveraging Tomcat's file-based session persistence to turn the file write into code execution.
The vulnerability is fixed in Tomcat 9.0.99, 10.1.35, and 11.0.3; earlier releases on those branches are affected.
Successful exploitation could permit a malicious user to view security-sensitive files or inject arbitrary content into them.
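The preconditions above are checkable from two artifacts: the Tomcat version and the DefaultServlet configuration in `conf/web.xml`. The following is an added example (not code from the original summary or from the Tomcat project) that compares a version string against the fixed releases named here and inspects a `web.xml` for the `readonly` and `allowPartialPut` init-params of `org.apache.catalina.servlets.DefaultServlet`, applying Tomcat's defaults (read-only, partial PUT allowed) when they are absent. The two `web.xml` fragments are constructed for the example.

```python
"""Added example: triage a Tomcat install against the CVE-2025-24813 preconditions.
Not part of the original advisory summary; the sample web.xml fragments are constructed."""
import re
import xml.etree.ElementTree as ET

# Fixed releases from the advisory, stored as (major, minor, patch, milestone-rank).
# A milestone rank of 0 makes every pre-release of x.y.z sort below the final x.y.z.
FIXED_VERSIONS = {9: (9, 0, 99, 0), 10: (10, 1, 35, 0), 11: (11, 0, 3, 0)}
FINAL_RELEASE = 10**6  # rank used for non-milestone versions

DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"


def parse_version(text):
    """'10.1.34' -> (10, 1, 34, FINAL_RELEASE); '11.0.0-M5' -> (11, 0, 0, 5)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    rank = int(milestone) if milestone else FINAL_RELEASE
    return (int(major), int(minor), int(patch), rank)


def is_affected(version):
    """True if the version predates the fixed release on its branch; None if the
    branch is not covered by the advisory (e.g. end-of-life 8.5.x, which should be
    treated as unpatched rather than safe)."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[0])
    if fixed is None:
        return None
    return v < fixed


def _local(tag):
    """Strip the XML namespace so both javaee and jakartaee web.xml files match."""
    return tag.rsplit("}", 1)[-1]


def default_servlet_settings(web_xml_text):
    """Return (readonly, allow_partial_put) for the DefaultServlet declaration.
    Tomcat's defaults apply when a parameter is missing: readonly=true, allowPartialPut=true."""
    root = ET.fromstring(web_xml_text)
    readonly, allow_partial_put = True, True
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        cls = next((c.text.strip() for c in servlet
                    if _local(c.tag) == "servlet-class" and c.text), "")
        if cls != DEFAULT_SERVLET:
            continue
        for init_param in servlet:
            if _local(init_param.tag) != "init-param":
                continue
            name = value = None
            for child in init_param:
                if _local(child.tag) == "param-name":
                    name = (child.text or "").strip()
                elif _local(child.tag) == "param-value":
                    value = (child.text or "").strip().lower()
            if name == "readonly":
                readonly = value == "true"
            elif name == "allowPartialPut":
                allow_partial_put = value == "true"
    return readonly, allow_partial_put


def exposure(version, web_xml_text):
    """Combine the advisory's preconditions into one verdict dictionary."""
    readonly, allow_partial_put = default_servlet_settings(web_xml_text)
    affected = is_affected(version)
    return {
        "affected_version": affected,
        "writes_enabled": not readonly,
        "partial_put_enabled": allow_partial_put,
        # File tampering needs all three; RCE additionally needs file-based session
        # persistence and a deserialization gadget, which this check does not inspect.
        "preconditions_met": bool(affected) and not readonly and allow_partial_put,
    }


# Constructed sample: writes enabled, partial PUT left at its default (enabled).
VULNERABLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>
"""

# Constructed sample: read-only default servlet with partial PUT explicitly disabled.
HARDENED_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>true</param-value></init-param>
    <init-param><param-name>allowPartialPut</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>
"""

if __name__ == "__main__":
    for ver, xml in [("10.1.34", VULNERABLE_WEB_XML), ("10.1.35", VULNERABLE_WEB_XML),
                     ("9.0.98", HARDENED_WEB_XML)]:
        print(ver, exposure(ver, xml))
```

Note that `preconditions_met` only covers the file-read/tamper scenario described here; the RCE path additionally requires file-based session persistence and a deserialization gadget on the classpath, so a negative result from this check is not proof that an unpatched server is safe. Upgrading remains the fix.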