CVE-2025-24813, a trivial flaw in Apache Tomcat revealed on March 10, enables remote code execution and sensitive file access without authentication. Discovered by Wallarm, the exploit was disseminated just 30 hours later and is now actively being exploited in the wild. Exploitation is feasible if Tomcat uses file-based session storage, which allows attackers to upload malicious session files. Once such a file is stored, a simple GET request lets attackers retrieve and execute the embedded Java code, granting them substantial control over the affected server.
The vulnerability allows unauthenticated remote code execution on Apache Tomcat by uploading malicious session files, and servers were being exploited within a week of its disclosure.
The only requirement for successful exploitation of CVE-2025-24813 is using file-based session storage, a common setup in many Tomcat deployments.
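Because the article names file-based session storage as the single precondition for exploitation, the most useful first check for a defender is whether a Tomcat instance is configured that way. The script below is an added example, not code from the article or from the Tomcat project: it parses a context.xml (or server.xml) and reports every session manager that persists sessions to disk. In Tomcat, file-based session persistence is enabled by nesting a `<Store>` of class `org.apache.catalina.session.FileStore` inside a `<Manager>` of class `org.apache.catalina.session.PersistentManager`; both class names are real Tomcat classes. The two XML documents embedded in the script are constructed samples, and the path `/var/lib/tomcat/sessions` is an assumed value used only for illustration. The script only inspects configuration and does not reproduce any part of the attack.

```python
"""Added example (not from the original article or the Tomcat project):
flag Tomcat contexts configured with file-based session persistence, the
precondition the article names for CVE-2025-24813. It inspects configuration
only and does not perform or reproduce the attack."""
import xml.etree.ElementTree as ET

PERSISTENT_MANAGER = "org.apache.catalina.session.PersistentManager"
FILE_STORE = "org.apache.catalina.session.FileStore"

# Constructed sample context.xml that enables file-based session storage.
# The directory path is an assumed illustrative value.
SAMPLE_VULNERABLE_CONTEXT = """<?xml version="1.0" encoding="UTF-8"?>
<Context>
  <Manager className="org.apache.catalina.session.PersistentManager" maxIdleBackup="30">
    <Store className="org.apache.catalina.session.FileStore" directory="/var/lib/tomcat/sessions"/>
  </Manager>
</Context>
"""

# Constructed sample using Tomcat's default in-memory session manager.
SAMPLE_SAFE_CONTEXT = """<?xml version="1.0" encoding="UTF-8"?>
<Context>
  <Manager className="org.apache.catalina.session.StandardManager"/>
</Context>
"""


def find_file_session_stores(config_xml: str) -> list[dict]:
    """Return one finding per <Manager> that persists sessions to a FileStore.

    Works for context.xml (root element <Context>) and for server.xml, where
    <Context> elements are nested under <Host>, because the whole tree is walked.
    """
    root = ET.fromstring(config_xml)
    findings = []
    for manager in root.iter("Manager"):
        if manager.get("className") != PERSISTENT_MANAGER:
            continue
        for store in manager.findall("Store"):
            if store.get("className") == FILE_STORE:
                findings.append({
                    "manager": PERSISTENT_MANAGER,
                    "store": FILE_STORE,
                    # Without a directory attribute FileStore writes into the
                    # context's work directory; report that explicitly.
                    "directory": store.get("directory", "<default: context work directory>"),
                })
    return findings


def uses_file_based_sessions(config_xml: str) -> bool:
    """True when any manager in the configuration stores sessions on disk."""
    return bool(find_file_session_stores(config_xml))


if __name__ == "__main__":
    for name, cfg in [("vulnerable", SAMPLE_VULNERABLE_CONTEXT),
                      ("safe", SAMPLE_SAFE_CONTEXT)]:
        findings = find_file_session_stores(cfg)
        status = ("file-based session storage ENABLED" if findings
                  else "no file-based session storage")
        print(f"{name}: {status}")
        for f in findings:
            print(f"  store={f['store']} directory={f['directory']}")
```

To run it against a real deployment, read `conf/context.xml`, `conf/server.xml` and any per-application `META-INF/context.xml` into `find_file_session_stores`; a non-empty result means the instance meets the precondition the article describes and should be prioritised for patching or for switching away from `FileStore`.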