
CISA Alerts on Active Exploitation of Apache Tomcat Vulnerability


The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert regarding the active exploitation of CVE-2025-24813, a critical vulnerability within Apache Tomcat.

This newly identified flaw poses a significant risk to organizations using affected versions of the popular open-source web server.

CVE-2025-24813: Apache Tomcat Path Equivalence Vulnerability

CVE-2025-24813, classified as a “Path Equivalence Vulnerability,” stems from the improper handling of partial PUT requests in Apache Tomcat.

The flaw allows remote attackers to bypass security restrictions by exploiting equivalences in file paths, potentially leading to code execution, data disclosure, or content manipulation.

Security researchers highlight that the vulnerability is tied to the improper handling of file paths in web applications hosted on Tomcat servers.

The vulnerability is associated with Common Weakness Enumerations (CWEs) CWE-44 (Path Equivalence Concerns) and CWE-502 (Deserialization of Untrusted Data).
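Since the flaw hinges on partial PUT requests reaching a Tomcat instance whose default servlet permits writes, the two things a defender can check quickly are the `readonly` setting of the `default` servlet in `conf/web.xml` and whether the access logs show any PUT or DELETE traffic at all. The script below is an added example, not code from the article or from the Apache Tomcat project. It assumes the standard `conf/web.xml` layout (a servlet named `default` whose `readonly` init-param governs PUT/DELETE, defaulting to `true` when absent) and an AccessLogValve pattern extended with `%{Content-Range}i` as a trailing quoted field; the config fragments and log lines are constructed.

```python
"""Defensive exposure check for the Tomcat partial-PUT issue.
Added example, not code from the article or the Apache Tomcat project.
Assumes the standard conf/web.xml layout and an access-log pattern that
appends the Content-Range request header as a final quoted field."""
import re
import xml.etree.ElementTree as ET

# Constructed web.xml fragment with the weak setting: writes to the default servlet enabled.
WEAK_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
</web-app>
"""

# The corrected form: readonly=true, which is also Tomcat's default when the param is absent.
HARDENED_WEB_XML = WEAK_WEB_XML.replace("<param-value>false</param-value>",
                                        "<param-value>true</param-value>")


def _local(tag: str) -> str:
    """Strip the XML namespace so tags compare by local name."""
    return tag.rsplit("}", 1)[-1]


def default_servlet_writable(web_xml_text: str) -> bool:
    """True if the 'default' servlet accepts PUT/DELETE (readonly=false)."""
    root = ET.fromstring(web_xml_text)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        name = next((c.text or "" for c in servlet if _local(c.tag) == "servlet-name"), "")
        if name.strip() != "default":
            continue
        for param in servlet:
            if _local(param.tag) != "init-param":
                continue
            fields = {_local(c.tag): (c.text or "").strip() for c in param}
            if fields.get("param-name") == "readonly":
                return fields.get("param-value", "true").lower() == "false"
        return False  # no readonly param: Tomcat's default is read-only
    return False


# Constructed access-log lines; the last quoted field is the Content-Range request header.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2025:12:00:01 +0000] "GET /app/index.html HTTP/1.1" 200 512 "-"
10.0.0.7 - - [10/Mar/2025:12:00:02 +0000] "PUT /app/upload/report.txt HTTP/1.1" 201 0 "bytes 0-1023/2048"
10.0.0.7 - - [10/Mar/2025:12:00:03 +0000] "DELETE /app/upload/old.txt HTTP/1.1" 204 0 "-"
10.0.0.9 - - [10/Mar/2025:12:00:04 +0000] "POST /app/login HTTP/1.1" 302 0 "-"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<range>[^"]*)")?'
)


def flag_write_requests(log_text: str) -> list:
    """Return PUT/DELETE requests from the log, marking PUTs that carried Content-Range."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] not in ("PUT", "DELETE"):
            continue
        has_range = m["range"] not in (None, "", "-")
        findings.append({
            "ip": m["ip"],
            "method": m["method"],
            "path": m["path"],
            "status": int(m["status"]),
            "partial_put": m["method"] == "PUT" and has_range,
        })
    return findings


if __name__ == "__main__":
    print("default servlet writable:", default_servlet_writable(WEAK_WEB_XML))
    for finding in flag_write_requests(SAMPLE_LOG):
        print(finding)
```

On a server where `default_servlet_writable` returns False the partial-PUT path is not reachable through the default servlet, which is why the Apache advisory for this issue singles out that setting; any PUT or DELETE flagged from the logs on an instance that is not meant to serve WebDAV-style writes deserves a closer look regardless.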

While its active use in ransomware campaigns has not yet been confirmed, CISA urges organizations to ...


Copyright of this story belongs solely to gbhackers.