Latest Apache Tomcat vulnerability: CVE-2025-24813 #
Certain versions of Apache Tomcat contain a vulnerability in their handling of partial HTTP PUT requests. Depending on the server configuration, exploitation can lead to remote code execution, information disclosure, or injection of malicious content into uploaded files.
This vulnerability has been assigned CVE-2025-24813 and has been rated highly critical with a CVSS score of 9.8.
Although the vulnerability has been rated critical, it is important to note that Tomcat is not vulnerable in its default configuration: the default servlet must have writes enabled (readonly set to false), which it is not out of the box. There have been reports of exploitation in the wild, but so far all observed attacks appear to use a well-known proof-of-concept that is not expected to work outside a lab environment.
Are updates available? #
Apache has released updates that address this vulnerability (Tomcat 9.0.99, 10.1.35, and 11.0.3), and users are advised to update their installations as quickly as possible. Additionally, keeping the default servlet read-only mitigates this vulnerability: the readonly init-param of the DefaultServlet in conf/web.xml must be true, which is the default. An instance is only exposed when an administrator has set readonly to false to enable PUT and DELETE.
How do I find potentially vulnerable versions of Tomcat with runZero? #
Apache Tomcat installations can be found by navigating to the Software Inventory and using the following query:
_asset.products:"Tomcat" AND product:"Tomcat" AND ((version:>=11.0.0 AND version:<11.0.3) OR (version:>=10.1.0 AND version:<10.1.35) OR (version:>=9.0.0 AND version:<9.0.99))
Results from the above query should be triaged to determine whether the default servlet on each host has writes enabled (readonly set to false) and whether the host requires patching or vendor intervention.
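The two checks this page describes, the version ranges in the runZero query and the readonly setting of the default servlet, can be scripted for triage of the query results. The script below is an added example and is not runZero's or the Apache Tomcat project's code. It parses Tomcat versions numerically (a string comparison would wrongly place 9.0.100 below 9.0.99), reads the DefaultServlet's readonly init-param out of a conf/web.xml, and combines the two into a patch priority. The two web.xml fragments are constructed for the demonstration, not copied from a real host; the behaviour modelled for the readonly value is that Tomcat parses it with Boolean.parseBoolean, so only a case-insensitive "true" keeps writes disabled.

```python
import xml.etree.ElementTree as ET

# Version ranges affected by CVE-2025-24813, taken from the runZero query above:
# [first affected, first fixed release) for each supported branch.
AFFECTED_RANGES = [
    ((9, 0, 0), (9, 0, 99)),
    ((10, 1, 0), (10, 1, 35)),
    ((11, 0, 0), (11, 0, 3)),
]

DEFAULT_SERVLET_CLASS = "org.apache.catalina.servlets.DefaultServlet"


def parse_version(version: str) -> tuple:
    """Turn 'major.minor.patch' into an int tuple so that 9.0.100 sorts above
    9.0.99; a plain string comparison gets that wrong ('9.0.100' < '9.0.99')."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    return tuple(int(p) for p in parts)


def version_in_affected_range(version: str) -> bool:
    """True when the version falls inside one of the affected ranges."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def _local(tag: str) -> str:
    """Strip the XML namespace: conf/web.xml uses the javaee namespace on
    Tomcat 9 and the jakartaee namespace on 10.1/11, so match on local names."""
    return tag.rsplit("}", 1)[-1]


def default_servlet_readonly(web_xml: str) -> bool:
    """Return whether the DefaultServlet declared in web_xml is read-only.

    DefaultServlet starts with readonly=true and only changes it when the
    init-param is present; the value goes through Boolean.parseBoolean, so a
    case-insensitive 'true' keeps writes disabled and anything else ('false',
    'no', '0') enables PUT/DELETE."""
    root = ET.fromstring(web_xml)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        cls = next((c.text or "" for c in servlet if _local(c.tag) == "servlet-class"), "")
        if cls.strip() != DEFAULT_SERVLET_CLASS:
            continue
        for init in servlet:
            if _local(init.tag) != "init-param":
                continue
            params = {_local(c.tag): (c.text or "").strip() for c in init}
            if params.get("param-name") == "readonly":
                return params.get("param-value", "").lower() == "true"
        return True  # DefaultServlet declared without a readonly param: read-only
    return True  # no DefaultServlet declared: assume the built-in default (read-only)


def triage(version: str, web_xml: str) -> str:
    """Classify one host from the query results into a patch priority."""
    if not version_in_affected_range(version):
        return "not affected"
    if default_servlet_readonly(web_xml):
        return "affected version, default servlet read-only: patch on the normal schedule"
    return "affected version, default servlet writable: patch now"


# Constructed web.xml fragment for the demonstration (not copied from a real host).
# It mirrors the shipped conf/web.xml, which sets no readonly param at all.
SAFE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>listings</param-name><param-value>false</param-value></init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>"""

# The same fragment after an administrator enabled writes, the precondition for CVE-2025-24813.
WRITABLE_WEB_XML = SAFE_WEB_XML.replace(
    "<load-on-startup>",
    "<init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>\n"
    "    <load-on-startup>",
)

if __name__ == "__main__":
    for version, xml in [("9.0.98", WRITABLE_WEB_XML), ("9.0.98", SAFE_WEB_XML),
                         ("9.0.99", WRITABLE_WEB_XML)]:
        print(version, "->", triage(version, xml))
```

On a real host, feed the script the version reported by runZero and the contents of $CATALINA_BASE/conf/web.xml; a per-application WEB-INF/web.xml can override the default servlet too, so check those as well where they declare it.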