Threat actors are actively exploiting a critical vulnerability in Apache Tomcat, tracked as CVE-2025-24813, which could enable unauthorized remote code execution (RCE) on vulnerable servers. The vulnerability, first disclosed on March 10, 2025, has already seen exploitation attempts beginning just 30 hours after the public release of proof-of-concept (PoC) code.

GreyNoise Intelligence has identified four unique IP addresses that have been attempting to exploit this vulnerability since March 17, 2025, with exploitation attempts observed as early as March 11. Researchers observed initial exploit attempts from a Latvia-based IP on March 18, followed by separate attempts on March 19 from IPs traced to Italy, the United States, and China. “Given Apache Tomcat’s widespread deployment, these early signs of activity suggest more exploitation is likely to follow,” security researchers warned.

These attackers are leveraging a partial PUT method to inject malicious payloads, which could potentially lead to arbitrary code execution on affected systems. Second, the attacker triggers deserialization of the uploaded session file by sending a GET request referencing the malicious session ID, potentially leading to remote code execution.

While the vulnerability is serious, the specific configuration requirements make broad exploitation unlikely for properly maintained systems. This approach, originally intended as a security measure against path traversal, inadvertently opened a new vulnerability.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 21 Mar 2025 11:20:17 +0000