Hackers Exploit Apache Tomcat Vulnerability Within 30 Hours of Disclosure
2025-03-18
Author: Editor

Apache Tomcat recently disclosed a critical vulnerability, CVE-2025-24813, and a Proof of Concept (PoC) for it appeared within just 30 hours of the public announcement. Attackers quickly capitalized on this, using the flaw to launch attacks in the wild. The vulnerability affects Apache Tomcat versions 11.0.0-M1 through 11.0.2, 10.1.0-M1 through 10.1.34, and 9.0.0-M1 through 9.0.98.

The root cause lies in Tomcat's deserialization mechanism, which fails to rigorously validate user input. This lets an attacker craft malicious serialized objects and abuse weaknesses in how temporary file paths are handled, which under certain conditions leads to remote code execution. Apache Tomcat has released updated versions that address the vulnerability; users must upgrade to these releases to be protected.
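A first triage step for defenders is to check an inventory of Tomcat versions against the affected ranges quoted above. The script below is an added example, not code from the article or from the Apache Tomcat project; it parses Tomcat version strings, including milestone builds such as `9.0.0-M1`, so that comparisons are numeric rather than lexical (a naive string compare would rank `9.0.100` below `9.0.98`). The sample inventory is constructed for demonstration.

```python
import re

# Affected ranges (inclusive) exactly as stated in the advisory text above.
AFFECTED_RANGES = [
    ("11.0.0-M1", "11.0.2"),
    ("10.1.0-M1", "10.1.34"),
    ("9.0.0-M1", "9.0.98"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")


def parse_version(s):
    """Turn a Tomcat version string into a comparable tuple.

    Milestone builds (-Mn) precede the final release of the same number,
    so the 4th component is 0 for milestones and 1 for finals:
    (9, 0, 0, 0, 1) for 9.0.0-M1  <  (9, 0, 0, 1, 0) for 9.0.0.
    """
    m = _VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {s!r}")
    major, minor, patch, milestone = m.groups()
    is_final = 1 if milestone is None else 0
    return (int(major), int(minor), int(patch), is_final, int(milestone or 0))


def is_affected(version):
    """True if the version falls inside any affected range from the advisory."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def triage(versions):
    """Map each inventoried version to 'affected' or 'not affected'."""
    return {ver: ("affected" if is_affected(ver) else "not affected")
            for ver in versions}


if __name__ == "__main__":
    # Constructed inventory for demonstration only.
    inventory = ["9.0.98", "9.0.100", "10.1.0-M1", "10.1.35",
                 "11.0.2", "11.0.3", "8.5.100"]
    for ver, verdict in triage(inventory).items():
        print(f"{ver:12} {verdict}")
```

A version match is only the first step: the article notes that remote code execution is reachable only under certain conditions, so hosts flagged here should be upgraded and their configuration reviewed rather than assumed exploitable or safe from the version alone.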