CyberSecurity news

FlagThis - #apache

do son@Daily CyberSecurity //

Apache Tomcat Vulnerability Enables RCE and Data Leaks - A path equivalence vulnerability in Apache Tomcat allows for potential remote code execution, information disclosure, or malicious content addition and users are advised to upgrade immediately to patched versions.
A critical security vulnerability, CVE-2025-24813, has been identified in Apache Tomcat, potentially exposing servers to remote code execution (RCE) and data leaks. The vulnerability stems from a path equivalence issue related to how Tomcat handles filenames with internal dots, particularly when writes are enabled for the default servlet and partial PUT support is enabled. This flaw could allow attackers to execute malicious code, disclose sensitive information, or inject malicious content into uploaded files.

Users of Apache Tomcat versions 11.0.0-M1 through 11.0.2, 10.1.0-M1 through 10.1.34, and 9.0.0.M1 through 9.0.98 are advised to upgrade immediately to versions 11.0.3, 10.1.35, or 9.0.99 respectively, which include the necessary fixes. The vulnerability exists if an application uses Tomcat's file-based session persistence with the default storage location and includes a library susceptible to deserialization attacks, potentially leading to remote code execution. COSCo Shipping Lines DIC and sw0rd1ight are credited with discovering and reporting the vulnerability.

Recommended read:
References :
  • gbhackers.com: Apache Tomcat Flaw Could Allow RCE Attacks on Servers
  • cR0w :cascadia:: Tomcat vulns are always fun, right? H/T: Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.
  • buherator's timeline: [oss-security] CVE-2025-24813: Apache Tomcat: Potential RCE and/or information disclosure and/or ...
  • Open Source Security: CVE-2025-24813: Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
  • securityonline.info: CVE-2025-24813 Flaw in Apache Tomcat Exposes Servers to RCE, Data Leaks: Update Immediately
  • buherator's timeline: Analysis of CVE-2025-24813 Apache Tomcat Path Equivalence RCE
  • BleepingComputer: A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request. [...]
  • securityonline.info: Tomcat Flaw CVE-2025-24813 Exploited in the Wild, PoC Released
  • securityaffairs.com: Threat actors rapidly exploit new Apache Tomcat flaw following PoC release
  • infosecwriteups.com: CVE-2025–24813: Apache Tomcat Path Equivalence Vulnerability $$$$ BOUNTY
  • The Hacker News: The Hacker News reports on Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure
  • www.scworld.com: Apache Tomcat flaw actively exploited; could allow 'devastating' RCE
  • bsky.app: Bsky Social - A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request.
  • bsky.app: A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request.
  • The Register - Software: One PUT request, one poisoned session file, and the server’s yours A trivial flaw in Apache Tomcat that allows remote code execution and access to sensitive files is said to be under attack in the wild within a week of its disclosure.
Ashish Khaitan@The Cyber Express //

Critical Apache Vulnerabilities Expose Systems to Attacks - Multiple critical vulnerabilities have been discovered in Apache software products, including Apache HugeGraph-Server, Apache Traffic Control, and Apache MINA, posing significant risks to users.
Multiple critical vulnerabilities have been identified in several Apache software products, posing significant risks to users. The Cyber Security Agency of Singapore has issued alerts regarding these flaws, urging immediate updates. CVE-2024-43441 affects Apache HugeGraph-Server, allowing for authentication bypass, potentially granting unauthorized access to systems. Another critical issue, CVE-2024-45387, has been discovered in Apache Traffic Control and is a SQL injection vulnerability that can be exploited by privileged users to execute arbitrary SQL commands, risking data manipulation or exfiltration.

Apache MINA is also affected by CVE-2024-52046 which allows remote code execution through deserialization flaws. It is crucial that users apply security patches promptly. For Apache MINA, additional configuration is required to restrict class deserialization further mitigating the risk. Furthermore, a high-risk vulnerability, CVE-2024-56512, has been found in Apache NiFi, a data processing and distribution system, which can expose sensitive information to unauthorized users, especially if using component-based authorization policies. A patch for NiFi has been issued in version 2.1.0, users should upgrade immediately.

Recommended read:
References :
  • BleepingComputer: The Apache Software Foundation has released security updates to address three severe problems that affect MINA, HugeGraph-Server, and Traffic Control products.
  • malware.news: Apache fixes Traffic Control bug that attackers could exploit
  • www.bleepingcomputer.com: Apache warns of critical flaws in MINA, HugeGraph, Traffic Control
  • www.scworld.com: Apache fixes Traffic Control bug that attackers could exploit
  • thecyberexpress.com: Critical Apache Vulnerabilities: Update Now to Avoid Major Risks
  • www.csa.gov.sg: CVE-2024-45387: PoC Published for Critical SQL Injection in Apache Traffic Control
  • securityonline.info: CVE-2024-45387: PoC Published for Critical SQL Injection in Apache Traffic Control
@securityonline.info //

Critical Vulnerabilities Discovered in Apache Cassandra - Multiple vulnerabilities have been discovered in Apache Cassandra, including unrestricted deserialization, network region authorization bypass, and privilege escalation, potentially exposing sensitive data and allowing unauthorized access.
Multiple critical vulnerabilities have been discovered in Apache Cassandra, raising concerns about unauthorized access, privilege escalation, and potential theft of JMX credentials. These flaws, identified as CVE-2024-27137, CVE-2025-24860, and CVE-2025-23015, impact a wide range of Cassandra versions, potentially exposing sensitive data to malicious actors. Organizations relying on the open-source NoSQL database are urged to take immediate action.

The most alarming vulnerability, CVE-2025-24860, allows attackers to bypass network authorization controls. Specifically, it affects the CassandraNetworkAuthorizer and CassandraCIDRAuthorizer, granting unauthorized access to different network regions. This issue impacts Apache Cassandra versions 4.0.0 through 4.0.15, 4.1.0 through 4.1.7 for CassandraNetworkAuthorizer, and from 5.0.0 through 5.0.2 for both CassandraNetworkAuthorizer and CassandraCIDRAuthorizer. Users with restricted data center access can even escalate their own permissions through Data Control Language (DCL) statements on affected versions. Operators are advised to review data access rules and upgrade to versions 4.0.16, 4.1.8, 5.0.3, which address the issue.

Recommended read:
References :
  • buherator's timeline: Apache Cassandra vulnerabilities: CVE-2024-27137: Unrestricted deserialization of JMX authentic...
  • Open Source Security: CVE-2025-24860: Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions
  • securityonline.info: Security Flaws Discovered in Apache Cassandra: Unauthorized Access, Privilege Escalation, and JMX Credential Theft
Divya@gbhackers.com //

Apache NiFi Flaw Exposes MongoDB Credentials to Attackers - CVE-2025-27017, a critical vulnerability in Apache NiFi versions 1.13.0 through 2.2.0, exposes MongoDB credentials to authorized users with read access, prompting immediate upgrade to version 2.3.0.
A critical vulnerability, CVE-2025-27017, has been identified in Apache NiFi, a popular data flow automation tool used by thousands of companies. The flaw affects versions 1.13.0 through 2.2.0 and exposes MongoDB credentials. An authorized user with read access to the system provenance records may see the credentials used to connect to MongoDB databases, potentially extracting the MongoDB credentials and gaining unauthorized access to sensitive data.

The vulnerability stems from the inclusion of MongoDB usernames and passwords in NiFi provenance events. This poses a significant risk, potentially leading to data breaches or tampering. NiFi is widely used to automate data pipelines for cybersecurity, observability, event streams, and generative AI applications, making this a high-priority concern for organizations leveraging the affected versions.

The vulnerability has been addressed in Apache NiFi 2.3.0, which removes the credentials from provenance event records. Users of affected versions are strongly urged to upgrade to the latest release to mitigate the risk of credential exposure. Organizations using Apache NiFi should prioritize updating their systems to the latest version to protect their MongoDB credentials and prevent potential data breaches.

Recommended read:
References :

Blogs

Research Tools