The vulnerability, tracked as CVE-2025-24813, is a path equivalence flaw in the popular Apache Tomcat web server software that allows remote attackers to execute arbitrary code, access sensitive information, or inject malicious content. The flaw originates from improper handling of partial PUT requests, which lets unauthenticated attackers achieve remote code execution through a sophisticated attack chain: attackers send a PUT request containing a Base64-encoded serialized Java payload to the vulnerable server.

Security researchers have also confirmed that the 8.5.x branch (specifically 8.5.0 to 8.5.98 and 8.5.100, excluding 8.5.99) is vulnerable, though these versions were not initially included in Apache's advisory.

Federal Civilian Executive Branch (FCEB) agencies are required to remediate this vulnerability by April 22, 2025, per Binding Operational Directive (BOD) 22-01.

For organizations unable to patch immediately, reviewing server configurations to ensure the default servlet does not have write permissions enabled can provide temporary mitigation, as this condition is required for successful exploitation. When these conditions do align, however, the attack becomes "dead simple to execute," according to Wallarm researchers cited in recent reports.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 02 Apr 2025 06:40:05 +0000