Apache Tomcat RCE

What is the Vulnerability?On March 10, 2025, Apache issued a security advisory regarding a critical vulnerability (CVE-2025-24813) affecting the Apache Tomcat web server. This flaw could allow attackers to view or inject arbitrary content into security-sensitive files and potentially achieve remote code execution.Exploit code for this vulnerability is publicly available, and no authentication is required to launch an attack, making prompt mitigation essential. According to Apache, successful exploitation requires specific conditions, many of which are enabled by default, allowing attackers to manipulate and view sensitive files or execute remote code.What is the recommended Mitigation?Impacted users should implement the recommended mitigations provided by Apache and follow the instructions outlined in the vendor’s advisory:https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq- Upgrade to Apache Tomcat 11.0.3 or later- Upgrade to Apache Tomcat 10.1.35 or later- Upgrade to Apache Tomcat 9.0.99 or laterWhat FortiGuard Coverage is available?FortiGuard Labs has available IPS protection to detect and block any attack attempts targeting the CVE-2025-24813 affecting the Apache Tomcat web server. https://www.fortiguard.com/encyclopedia/ips/57559FortiGuard Endpoint Vulnerability Service provides a systematic and automated method of patching applications on an endpoint, eliminating manual processes while reducing the attack surface. https://www.fortiguard.com/encyclopedia/endpoint-vuln/84317The FortiGuard Incident Response team can be engaged to help with any suspected compromise.

Read More