March 17, 2025 By Pierluigi Paganini
Threat actors began exploiting a recently disclosed Apache Tomcat vulnerability almost immediately after proof-of-concept (PoC) exploit code was published.
A newly disclosed Apache Tomcat vulnerability, tracked as CVE-2025-24813, is being actively exploited just 30 hours after a public PoC was released.
The issue is a path equivalence flaw in Apache Tomcat that can lead to remote code execution or information disclosure if specific conditions are met. It affects Tomcat 11.0.0-M1 through 11.0.2, 10.1.0-M1 through 10.1.34, and 9.0.0.M1 through 9.0.98; the fixes shipped in 11.0.3, 10.1.35 and 9.0.99. Exploitation requires that writes be enabled for the default servlet (disabled by default) and that partial PUT support be enabled (enabled by default), plus specific file-handling conditions: a security-sensitive upload location that is a sub-directory of a public upload location, and an attacker who knows the names of the files being uploaded via partial PUT. Remote code execution additionally depends on the application using Tomcat's file-based session persistence in its default storage location and including a library vulnerable to deserialization.
“The original implementation of partial PUT used a temporary file based on the user provided file name and path with the path separator replaced by ‘.’,” reads the advisory.
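As an added illustration, not code from the article or from Apache Tomcat, the following Python mimics the naming rule the advisory describes (path separators replaced by ".") to show how two distinct request paths collapse to the same temporary file name, and checks a conf/web.xml fragment for the two DefaultServlet settings that gate exposure. The web.xml fragments are constructed for the example; `readonly` and `allowPartialPut` are the documented DefaultServlet init-parameters, and the transform function is a model of the described behaviour, not a copy of Tomcat's implementation.

```python
"""Added example (not Tomcat's code): model the temp-file naming the
advisory describes, and audit the DefaultServlet settings that gate
exposure to CVE-2025-24813."""
import xml.etree.ElementTree as ET


def partial_put_temp_name(request_path: str) -> str:
    """Model of the described transform: the request path becomes a file
    name with every '/' replaced by '.'.  Assumed behaviour, not Tomcat's
    actual implementation."""
    return request_path.lstrip("/").replace("/", ".")


def find_collisions(request_paths):
    """Group distinct request paths whose temp-file names collide.

    A collision is the path equivalence at the core of the flaw: a PUT to
    one path produces the temp file that another path would produce.
    """
    groups = {}
    for path in request_paths:
        groups.setdefault(partial_put_temp_name(path), []).append(path)
    return {name: paths for name, paths in groups.items() if len(paths) > 1}


def default_servlet_settings(web_xml: str) -> dict:
    """Read the DefaultServlet init-params relevant to the advisory.

    readonly        (default true)  -> writes to the default servlet disabled
    allowPartialPut (default true)  -> partial PUT enabled
    Absent parameters are treated as their documented defaults.
    """
    root = ET.fromstring(web_xml)
    ns = root.tag.split("}")[0] + "}" if root.tag.startswith("{") else ""
    readonly, allow_partial_put = True, True
    for servlet in root.iter(ns + "servlet"):
        cls = servlet.findtext(ns + "servlet-class", "").strip()
        if cls != "org.apache.catalina.servlets.DefaultServlet":
            continue
        for param in servlet.iter(ns + "init-param"):
            name = param.findtext(ns + "param-name", "").strip()
            value = param.findtext(ns + "param-value", "").strip().lower()
            if name == "readonly":
                readonly = value != "false"
            elif name == "allowPartialPut":
                allow_partial_put = value != "false"
    return {
        "writes_enabled": not readonly,
        "partial_put_enabled": allow_partial_put,
        # Both advisory preconditions must hold for the flaw to be reachable.
        "preconditions_met": (not readonly) and allow_partial_put,
    }


# Constructed sample: writes enabled, partial PUT left at its default (enabled).
RISKY_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

# Constructed sample: both gating settings closed.
HARDENED_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>true</param-value></init-param>
    <init-param><param-name>allowPartialPut</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""


if __name__ == "__main__":
    print(find_collisions(["/a/b.txt", "/a.b.txt", "/c.txt"]))
    print("risky:", default_servlet_settings(RISKY_WEB_XML))
    print("hardened:", default_servlet_settings(HARDENED_WEB_XML))
```

The collision check shows why the naming rule matters: "/a/b.txt" and "/a.b.txt" are different resources to the servlet but map to the same temporary file name. The settings check is the quickest triage for a fleet: an instance with `readonly=false` and partial PUT at its default meets the advisory's preconditions and should be patched first.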