
Critical Apache Tomcat Vulnerability (CVE-2025-24813): What Houston Businesses Need to Know
One PUT Request Away from Compromise: The Apache Tomcat Vulnerability You Can’t Ignore
A critical remote code execution (RCE) vulnerability in Apache Tomcat, tracked as CVE-2025-24813, has been disclosed, and exploitation attempts have already been observed in the wild. Organizations running vulnerable versions of Apache Tomcat should take immediate action to protect their systems.
Understanding the Vulnerability
CVE-2025-24813 is a path equivalence vulnerability that can lead to remote code execution, information disclosure, or malicious content being added to uploaded files. Apache disclosed it on March 10, 2025, and proof-of-concept exploits were circulating online within about 30 hours.
The attack is remarkably simple to execute: two unauthenticated HTTP requests are enough to compromise a vulnerable server. According to security researchers at Wallarm, the attacker first sends a partial PUT request containing a Base64-encoded serialized Java payload. Tomcat's default servlet writes the body of a partial PUT to a temporary file in the web application's work directory, and that directory is also the default storage location for Tomcat's file-based session persistence. The attacker then sends a GET request with a JSESSIONID cookie whose value names the uploaded file, so Tomcat loads it as a persisted session, deserializes it, and executes the malicious Java code, granting complete control to the attacker.
Affected Systems
The following Apache Tomcat versions are vulnerable:
- Apache Tomcat 11.0.0-M1 to 11.0.2
- Apache Tomcat 10.1.0-M1 to 10.1.34
- Apache Tomcat 9.0.0.M1 to 9.0.98
Exploitation Requirements
For successful remote code execution, all of the following conditions must be met:
- Writes enabled for the default servlet (disabled by default)
- Support for partial PUT (enabled by default)
- Application using Tomcat’s file-based session persistence with the default storage location
- Application including a library that may be leveraged in a deserialization attack
While these conditions might seem specific, security researchers have found that the exploit is easier to accomplish than initially reported. The attack requires no authentication and is particularly dangerous because traditional security tools often fail to detect it: a partial PUT looks like an ordinary file upload, and the malicious content is obfuscated using Base64 encoding.
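Because the two requests look ordinary on their own, the practical detection is to correlate them. The script below is an added example (not code from the CinchOps post, Wallarm or the Tomcat project) that runs that correlation over Tomcat access-log lines. It assumes a custom AccessLogValve pattern, `%h %t "%r" %s %b "%{Content-Range}i" "%{JSESSIONID}c"`, where `%{...}i` logs a request header and `%{...}c` a request cookie (both print `-` when absent), and it assumes the requests hit the ROOT context, so that the temporary file written for a partial PUT is the request path with each `/` replaced by `.`, and a persisted session `<id>` is read from `<id>.session` in the same directory. The log lines are constructed for the example.

```python
"""Added example: correlate Tomcat access-log lines to spot the partial PUT
followed by a GET whose JSESSIONID names the uploaded file.

Assumed (constructed) AccessLogValve pattern:
    %h %t "%r" %s %b "%{Content-Range}i" "%{JSESSIONID}c"
Paths are assumed relative to the ROOT context."""
import re

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<crange>[^"]*)" "(?P<sid>[^"]*)"$'
)
# Default Tomcat session ids are 32 hex characters, optionally followed by a
# ".<jvmRoute>" suffix when the server sits behind a load balancer.
NORMAL_SID_RE = re.compile(r"^[0-9A-Fa-f]{32}(\.[A-Za-z0-9_-]+)?$")

# Constructed sample traffic: one attacker pair, one normal user, one plain PUT.
SAMPLE_LOG = """\
203.0.113.7 [12/Mar/2025:10:15:01 +0000] "PUT /upload/evil.session HTTP/1.1" 409 - "bytes 0-1023/2048" "-"
203.0.113.7 [12/Mar/2025:10:15:02 +0000] "GET /index.jsp HTTP/1.1" 200 512 "-" ".upload.evil"
198.51.100.4 [12/Mar/2025:10:16:30 +0000] "GET /index.jsp HTTP/1.1" 200 512 "-" "7B9C3F2E1A4D5E6F7A8B9C0D1E2F3A4B"
198.51.100.9 [12/Mar/2025:10:17:00 +0000] "PUT /docs/report.pdf HTTP/1.1" 201 - "-" "-"
"""


def parse_line(line):
    """Split one access-log line into fields, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def temp_file_name(path):
    """Name of the temporary file the default servlet writes for a partial PUT
    (request path with every '/' turned into '.', query string dropped)."""
    return path.split("?", 1)[0].replace("/", ".")


def detect(log_text):
    """Return a list of (rule, line_no, ip) alerts in log order.

    Correlation is by file name rather than by client IP, because the PUT and
    the GET need not come from the same address."""
    alerts = []
    partial_put_files = set()
    for line_no, line in enumerate(log_text.splitlines(), 1):
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "PUT" and rec["crange"] != "-":
            # A partial PUT (Content-Range present) is the write primitive;
            # remember where its body lands on disk.
            partial_put_files.add(temp_file_name(rec["path"]))
            alerts.append(("partial-put", line_no, rec["ip"]))
        sid = rec["sid"]
        if sid == "-":
            continue
        if sid + ".session" in partial_put_files:
            # The JSESSIONID names a file an earlier partial PUT created:
            # this is the deserialization trigger.
            alerts.append(("session-file-load", line_no, rec["ip"]))
        elif not NORMAL_SID_RE.match(sid):
            # Not a Tomcat-generated id; worth a look even without a matching PUT.
            alerts.append(("odd-session-id", line_no, rec["ip"]))
    return alerts


if __name__ == "__main__":
    for rule, n, ip in detect(SAMPLE_LOG):
        print(f"line {n}: {rule} from {ip}")
```

On the sample, the first line raises a low-priority partial-put alert, the second raises session-file-load because `.upload.evil` + `.session` matches the file the PUT created, and the normal user and the plain (non-partial) PUT produce nothing. The partial-put rule alone is noisy on servers that legitimately accept ranged uploads; the correlated rule is the one to page on.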
Remediation Steps
To protect your systems from this vulnerability, take the following actions immediately:
- Update to patched versions:
  - Apache Tomcat 11.0.3 or later
  - Apache Tomcat 10.1.35 or later
  - Apache Tomcat 9.0.99 or later
- If immediate patching is not possible, implement these mitigations:
  - Revert the default servlet to its default configuration (readonly="true" in conf/web.xml), so that PUT and DELETE requests are rejected
  - Turn off partial PUT support (the default servlet's allowPartialPut init-param)
  - Avoid storing security-sensitive files in a subdirectory of public upload paths
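Checking the preconditions and mitigations above by hand across a fleet is error-prone, so here is an added example (not code from the post or the Tomcat project) that evaluates a Tomcat instance's version and configuration against them. It assumes the default servlet is declared in conf/web.xml under the servlet-name `default` with the `readonly` and `allowPartialPut` init-params that the Tomcat default servlet documents, and that file-based session persistence appears in a context.xml as a `PersistentManager` with a `FileStore` whose `directory` attribute is absent when the default storage location is in use. The XML constants are constructed sample input showing the weak and the corrected configuration side by side. The fourth RCE precondition, a usable deserialization gadget library on the classpath, is not visible in configuration and is not checked.

```python
"""Added example: assess a Tomcat install against the CVE-2025-24813
preconditions. Assumes the default servlet's `readonly` / `allowPartialPut`
init-params and a PersistentManager + FileStore in context.xml; sample XML
below is constructed."""
import re
import xml.etree.ElementTree as ET

# First fixed release per supported branch, from the advisory.
FIXED = {11: (11, 0, 3), 10: (10, 1, 35), 9: (9, 0, 99)}


def version_key(v):
    """Sortable key; milestones such as '9.0.0.M1' / '11.0.0-M1' order before the final."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?", v.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {v!r}")
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch),
            int(milestone) if milestone else float("inf"))


def version_is_affected(v):
    """True if before the fix on a listed branch, False if at/after it,
    None if the branch is not covered by the advisory (e.g. end-of-life 8.5.x)."""
    key = version_key(v)
    fixed = FIXED.get(key[0])
    if fixed is None:
        return None
    return key < fixed + (float("inf"),)


def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the web-app XML namespace


def default_servlet_params(web_xml):
    """init-params of the servlet named 'default', as a dict (empty if absent)."""
    for servlet in ET.fromstring(web_xml).iter():
        if _local(servlet.tag) != "servlet":
            continue
        name = next((c.text for c in servlet if _local(c.tag) == "servlet-name"), "")
        if (name or "").strip() != "default":
            continue
        params = {}
        for ip in servlet:
            if _local(ip.tag) != "init-param":
                continue
            kv = {_local(c.tag): (c.text or "").strip() for c in ip}
            params[kv.get("param-name", "")] = kv.get("param-value", "")
        return params
    return {}


def file_store_state(context_xml):
    """(uses a FileStore, FileStore uses the default directory)."""
    for mgr in ET.fromstring(context_xml).iter("Manager"):
        if not mgr.get("className", "").endswith(".PersistentManager"):
            continue
        for store in mgr.iter("Store"):
            if store.get("className", "").endswith(".FileStore"):
                return True, store.get("directory") is None
    return False, False


def assess(version, web_xml, context_xml):
    params = default_servlet_params(web_xml)
    filestore, default_dir = file_store_state(context_xml)
    r = {
        "affected_version": version_is_affected(version),
        # Defaults: readonly=true (writes off), allowPartialPut=true (partial PUT on).
        "writes_enabled": params.get("readonly", "true").lower() == "false",
        "partial_put": params.get("allowPartialPut", "true").lower() != "false",
        "file_store_default_dir": filestore and default_dir,
    }
    r["rce_preconditions_met"] = (bool(r["affected_version"]) and r["writes_enabled"]
                                  and r["partial_put"] and r["file_store_default_dir"])
    return r


# Constructed samples: the weak default-servlet block and its corrected form.
WEAK_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""
HARDENED_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>true</param-value></init-param>
    <init-param><param-name>allowPartialPut</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""
FILESTORE_CONTEXT_XML = """<Context>
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.FileStore"/>
  </Manager>
</Context>"""

if __name__ == "__main__":
    print("weak:    ", assess("9.0.98", WEAK_WEB_XML, FILESTORE_CONTEXT_XML))
    print("hardened:", assess("9.0.98", HARDENED_WEB_XML, FILESTORE_CONTEXT_XML))
```

Run it against the real conf/web.xml and each deployed context.xml rather than the samples; a result with `rce_preconditions_met` true on an unpatched build is the instance to patch first, and `writes_enabled` true on its own still merits the readonly revert even where no FileStore is configured.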
Current Exploitation Status
Security researchers have reported that this vulnerability is being actively exploited in the wild. The first attack was reportedly detected on March 12, 2025, from a source in Poland, days before the first public exploit was released on GitHub. While some reports suggest that exploitation attempts may be widespread, Rapid7 researchers note that successful exploitation in real-world production environments has not been confirmed.
The vulnerability requires specific configuration conditions that are not default settings, which may limit its impact. However, the ease of exploitation and the potential for complete system compromise make this a high-priority issue for any organization running Apache Tomcat.
How CinchOps Can Assist
At CinchOps, we understand the urgency of addressing critical vulnerabilities like CVE-2025-24813. Our team can help your organization:
- Rapidly assess your environment to identify vulnerable Apache Tomcat instances
- Prioritize remediation efforts based on exposure and exploitability
- Deploy emergency patches with minimal disruption to your business operations
- Implement robust monitoring solutions to detect exploitation attempts
- Strengthen your overall security posture with proactive vulnerability management
Discover more about our enterprise-grade cybersecurity services on our Cybersecurity page.
Contact CinchOps today for immediate assistance with mitigating this critical vulnerability and enhancing your security defenses against emerging threats.