Critical Apache Tomcat Vulnerabilities Under Active Attack - Update Now!


A newly discovered critical vulnerability (CVE-2025-24813) in Apache Tomcat is already under active exploitation, just 30 hours after its public disclosure. This security flaw can allow attackers to remotely execute code, access sensitive files, modify configurations, and even plant backdoors—all without authentication.

What’s Happening?

Hackers are abusing partial PUT requests and session persistence mechanisms in Apache Tomcat to upload malicious payloads and trigger remote code execution. Attackers can inject malicious JSP files, compromise session storage, and manipulate security-sensitive files, putting affected systems at serious risk.

Affected Versions:

  • Tomcat 11.0.0-M1 to 11.0.2
  • Tomcat 10.1.0-M1 to 10.1.34
  • Tomcat 9.0.0-M1 to 9.0.98

Why This Matters:

  • No authentication is required for exploitation.
  • Attackers can inject malicious JSP files, modify configurations, and plant backdoors.
  • Exploitation is already happening in the wild!

Immediate Action Required: Upgrade to Tomcat 9.0.99, 10.1.35, or 11.0.3 to patch the vulnerability and protect your applications.
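
The following Python script, added here as an example and not part of the original post, classifies Tomcat version strings against the affected ranges and fixed releases listed above. The function names and the inventory hostnames are assumptions made for illustration; a branch the post does not list is reported as `not_listed` rather than as safe.

```python
import re

# Affected ranges and fixed releases as listed in this post, keyed by branch:
# (major, minor) -> (first affected, last affected, fixed release)
BRANCHES = {
    (11, 0): ("11.0.0-M1", "11.0.2", "11.0.3"),
    (10, 1): ("10.1.0-M1", "10.1.34", "10.1.35"),
    (9, 0): ("9.0.0-M1", "9.0.98", "9.0.99"),
}

# x.y.z, an optional fourth numeric component, an optional -M<n> milestone tag
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.\d+)?(?:-M(\d+))?$")


def parse(version):
    """Return a sortable tuple; a milestone sorts before the final x.y.z."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    stage = (0, int(m.group(4))) if m.group(4) else (1, 0)
    return (major, minor, patch, stage)


def triage(version):
    """Return (status, fixed_release) for one version string."""
    v = parse(version)
    branch = BRANCHES.get(v[:2])
    if branch is None:
        # Not covered by the post: flag for manual review, do not treat as safe.
        return ("not_listed", None)
    first, last, fixed = branch
    if parse(first) <= v <= parse(last):
        return ("affected", fixed)
    return ("not_affected", None)


# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = {
    "app-01": "9.0.98",
    "app-02": "9.0.99",
    "app-03": "10.1.0-M1",
    "app-04": "11.0.3",
    "app-05": "8.5.100",
}

if __name__ == "__main__":
    for host, ver in INVENTORY.items():
        status, fixed = triage(ver)
        print(f"{host} {ver}: {status}" + (f", upgrade to {fixed}" if fixed else ""))
```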

Don’t risk your security—patch now!

If you're concerned about your organization's vulnerability to this exploit, connect with us to implement proactive security measures and safeguard your systems.
