Exploitation of Apache Tomcat Vulnerability CVE-2025-24813


The Apache Software Foundation has released security updates addressing a vulnerability in Apache Tomcat.

Tomcat is an open-source web server and servlet container that is used to deploy and serve Java-based web applications. CVE-2025-24813 is ‘deserialisation of untrusted data’ and ‘path equivalence: file.name (Internal dot)’ vulnerability that an attacker could exploit to achieve remote code execution (RCE), view security sensitive files, or inject content into those files. Exploitation of this vulnerability has been reported in the wild and a public proof-of-concept exploit has been released. The NHS England National CSOC assesses that continued exploitation of this vulnerability is considered highly likely.

Read more…
Source: NHS Digital


Sign up for our Newsletter


Related:

  • Cisco Warns of Critical Vulnerability Revealed in ‘Vault 7’ Data Dump

    March 20, 2017

    Cisco Systems warned customers on Friday of a critical vulnerability that could allow an attacker to execute arbitrary code and obtain full control on more than 300 different models of its switches and routers. Cisco said it became aware of the vulnerability after WikiLeaks released its Vault 7 cache of documents that revealed the existence ...