“We strongly urge all users to update immediately given the critical nature of this vulnerability and evidence of active exploitation,” stated the Apache Tomcat security team in their advisory. A critical remote code execution vulnerability in Apache Tomcat (CVE-2025-24813) is actively being exploited in the wild, enabling attackers to take complete control of vulnerable servers. Organizations are advised to prioritize this patch among their security updates due to the severity of the vulnerability and increasing exploitation attempts. The attacks typically begin with reconnaissance to identify vulnerable servers, followed by exploitation attempts using modified versions of the publicly available exploit code. Security researchers have observed increasing exploitation attempts since the vulnerability was first disclosed earlier this month. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The vulnerability exists in the server’s core processing components, making it particularly dangerous for organizations running unpatched versions of the popular web application server. Security firms report aggressive scanning for vulnerable servers, particularly in financial services, healthcare, and government sectors. Exploitation conditions are reportedly strict, as indicated in the proof-of-concept code documentation, but attackers have already developed reliable methods to bypass these limitations. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. The published proof-of-concept code allows for both individual server testing and batch scanning of multiple targets with multi-threading capabilities.
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 17 Mar 2025 10:35:05 +0000