CERT NZ Issues Advisory on Apache Tomcat Vulnerability


Urgent Security Advisory: Critical Apache Tomcat Vulnerability (CVE-2025-24813) Detected

The New Zealand Computer Emergency Response Team (CERT NZ) has issued an urgent advisory regarding a critical vulnerability, CVE-2025-24813, affecting supported release lines of Apache Tomcat. Depending on how the server is configured, the flaw can lead to remote code execution (RCE), information disclosure, or the injection of malicious content into uploaded files.

The affected releases are Apache Tomcat 11.0.0-M1 through 11.0.2, 10.1.0-M1 through 10.1.34, and 9.0.0.M1 through 9.0.98. The flaw is only reachable under a non-default configuration: the default servlet must have writes enabled (the readonly init-param set to false; Tomcat ships it as true) and partial PUT support must be enabled (which is the default). Under those conditions an unauthenticated attacker who knows the name of a sensitive file can read it or tamper with its contents. Remote code execution additionally requires that the application use Tomcat's file-based session persistence in its default storage location and that a library usable in a deserialization attack be present on the classpath; the attacker then uploads a malicious serialized session object that Tomcat later deserializes.

The issue lies in Apache Tomcat's default servlet, which serves static resources and, when writes are enabled, also handles PUT and DELETE requests. The root cause is a path-equivalence weakness in how partial PUT uploads are written to a temporary file: the temporary file name is derived from the request path with the directory separators collapsed into dots, so a crafted request can place content where the server does not expect it. That lets an attacker bypass security constraints on upload paths, read or corrupt files, and, where file-based session persistence is in use, plant a serialized object that is later deserialized and executed.

CERT NZ has highlighted that a proof-of-concept (PoC) for this vulnerability is already in circulation, with reports of active exploitation surfacing. This makes immediate action crucial for organizations using affected versions of Apache Tomcat.

To mitigate the risk, upgrade to a fixed release: Apache Tomcat 11.0.3 or later, 10.1.35 or later, or 9.0.99 or later. Where an immediate upgrade is not possible, reduce exposure by confirming that the default servlet's readonly parameter is not set to false in conf/web.xml or in any application's web.xml unless PUT and DELETE uploads are genuinely required, and by setting allowPartialPut to false. Administrators should also check whether file-based session persistence (a PersistentManager with a FileStore) is configured, since that is what turns a malicious upload into code execution.

As Apache Tomcat is widely utilized for serving Java applications, the urgency to address this vulnerability cannot be overstated. Organizations must act swiftly to protect their systems from potential exploitation and safeguard sensitive data.
