Published 15 days ago • loading... • Updated 13 days ago

'Dead simple' RCE exploit in Apache Tomcat under attack

A critical remote code execution vulnerability in Apache Tomcat, tracked as CVE-2025-24813, is under active exploitation and allows attackers to take control of servers with a simple PUT request.
The vulnerability was disclosed on March 10, and an exploit was publicly shared 30 hours later, according to Wallarm.
The Apache Foundation classified this flaw as important and recommended users upgrade to patched versions 11.0.3+, 10.1.35+, or 9.0.99+ to mitigate the risks.
Wallarm noted the potential for more similar vulnerabilities due to the partial PUT handling in Tomcat, stating, 'This attack is dead simple to execute and requires no authentication.

Insights by Ground AI

Does this summary seem wrong?

11 Articles

All

Left

Center

Right

The Register

Center

'Dead simple' RCE exploit in Apache Tomcat under attack

Updated: One PUT request, one poisoned session file, and the server’s yours

14 days ago

Read Full Article

BleepingComputer

Reposted by

cybernoz.com

Center

Critical RCE flaw in Apache Tomcat actively exploited in attacks

A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request.

14 days ago

Read Full Article

Information Security Buzz

Apache Tomcat Under Siege: RCE Exploit Spreads Globally

A newly discovered remote code execution (RCE) vulnerability, CVE-2025-24813, is actively being exploited, putting Apache Tomcat servers at risk—malicious actors need but a single PUT API request to gain full control over vulnerable systems. The exploit was initially published by a Chinese forum user, iSee857, with a proof-of-concept (PoC) code now readily available online. How [...]

13 days ago

Read Full Article

Kali Linux Tutorials

CVE-2025-24813-PoC : Apache Tomcat

Introduction CVE-2025-24813 is a remote code execution (RCE) vulnerability that affects Apache Tomcat, allowing an attacker to upload a malicious serialized session file by sending a PUT request and triggering deserialization through a GET request, thereby executing arbitrary code on the server. This vulnerability has been exploited in the wild, and its exploitation conditions are relatively simple, requiring Tomcat to use files to store session…

14 days ago

Read Full Article

CSO Online

Tomcat PUT to active abuse as Apache deals with critical RCE flaw

Apache Software’s open-source web container for handling Java-based web applications, Tomcat, is under active attacks through a critical RCE flaw the company disclosed last week. According to API security vendor, Wallarm, threat actors are using a public proof-of-concept (PoC) exploit released for the flaw, CVE-2025-24813, just 30 hours after it was publicly disclosed. “A devastating new remote code execution (RCE) vulnerability is now actively …

14 days ago

Read Full Article

Techmeme

Reposted by

BizToc

A critical Apache Tomcat RCE flaw is being exploited, letting attackers take over servers via a PUT request; Wallarm: the attack “requires no authentication”

Bill Toulas / BleepingComputer: A critical Apache Tomcat RCE flaw is being exploited, letting attackers take over servers via a PUT request; Wallarm: the attack “requires no authentication” — A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild …

14 days ago·California, United States

Read Full Article

Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/year