Pierluigi Paganini (securityaffairs.com)
CISA has added a new Apache Tomcat vulnerability, tracked as CVE-2025-24813, to its Known Exploited Vulnerabilities (KEV) catalog. The addition follows evidence that the flaw is being actively exploited in the wild, which puts organizations running affected Apache Tomcat versions at significant risk. The vulnerability is a path equivalence issue in Apache Tomcat.

To mitigate CVE-2025-24813, affected users are urged to upgrade to a fixed release: Apache Tomcat 11.0.3 or later, Apache Tomcat 10.1.35 or later, or Apache Tomcat 9.0.99 or later. The advisory also lists IPS protections that detect and block attempts to exploit this vulnerability in the Apache Tomcat web server.
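As an added example (not from the advisory or the Tomcat project), the following script triages a fleet's Tomcat version banners against the three fixed versions named above, flagging anything below them as still vulnerable. It assumes banners in the `Server version: Apache Tomcat/<version>` format printed by Tomcat's `version.sh`; the sample inventory is constructed, and branches the advisory does not mention (such as 8.5.x) are reported as unknown rather than assumed safe.

```python
import re

# Minimum fixed versions named in the advisory, keyed by release branch.
FIXED_VERSIONS = {
    (11, 0): (11, 0, 3),
    (10, 1): (10, 1, 35),
    (9, 0): (9, 0, 99),
}
_VERSION_RE = re.compile(r"Apache Tomcat/(\d+)\.(\d+)\.(\d+)")

def parse_tomcat_version(banner):
    """Return (major, minor, patch) from a ServerInfo-style line, or None."""
    m = _VERSION_RE.search(banner)
    return tuple(int(x) for x in m.groups()) if m else None

def assess(banner):
    """Classify a banner as 'fixed', 'vulnerable' or 'unknown' for CVE-2025-24813.

    'unknown' covers unparsable banners and branches the advisory does not list
    (for example 8.5.x); review those by hand rather than assuming they are safe.
    Comparison is tuple-wise, so 9.0.100 correctly ranks above 9.0.99.
    """
    version = parse_tomcat_version(banner)
    if version is None:
        return "unknown"
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        return "unknown"
    return "fixed" if version >= fixed else "vulnerable"

def triage(banners):
    """Group banners by assessment so the 'vulnerable' bucket is upgraded first."""
    buckets = {"fixed": [], "vulnerable": [], "unknown": []}
    for b in banners:
        buckets[assess(b)].append(b)
    return buckets

# Constructed sample inventory (not real hosts), in the format printed by
# Tomcat's version.sh: "Server version: Apache Tomcat/<version>".
SAMPLE_BANNERS = [
    "Server version: Apache Tomcat/10.1.34",
    "Server version: Apache Tomcat/10.1.35",
    "Server version: Apache Tomcat/9.0.100",
    "Server version: Apache Tomcat/11.0.2",
    "Server version: Apache Tomcat/8.5.100",
    "Server version: nginx/1.24.0",
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_BANNERS).items():
        print(f"{status}: {hosts}")
```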



Classification:
  • HashTags: #Cybersecurity #ApacheTomcat #Vulnerability
  • Company: CISA
  • Target: Federal Civilian Executive Branch (FCEB) agencies
  • Product: Apache Tomcat
  • Feature: Path Equivalence Vulnerability
  • Malware: CVE-2025-24813
  • Type: Vulnerability
  • Severity: Major