Endpoint Vulnerability

Apache Tomcat CVE-2025-24813 Vulnerability

Description

Path equivalence via internal dot in file names allows attackers with write-enabled default servlet and partial PUT to read sensitive files or inject malicious content, leading to remote code execution or information disclosure on Apache Tomcat 9.0.x, 10.1.x, and 11.0.x.

Outbreak Alert

FortiGuard Labs has identified ongoing attack attempts aimed at exploiting the recently discovered Apache Tomcat remote code execution vulnerability, CVE-2025-24813. If successful, attackers could gain access to sensitive security files, allowing them to view or inject arbitrary content and potentially execute code remotely on target systems.

View the full Outbreak Alert Report

Affected Applications

Apache Tomcat

Version Updates

Date	Version	Status	Detail
2025-07-10	1.00878	Modified	Apache Tomcat
2025-03-20	1.00828	New	Apache Tomcat

References

https://tomcat.apache.org/security.html

ID	84317
Created	Mar 19, 2025
Description Updated	Jan 10, 2026
CVE ID
Tags	Apache Tomcat RCE Threat Signal
Risk
Coverage	FortiClient
OS	Windows
Vendor	Apache
Patch	manual
Application	Apache Tomcat

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Endpoint Vulnerability

Apache Tomcat CVE-2025-24813 Vulnerability

Description

Outbreak Alert

Affected Applications

Version Updates

References

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Endpoint Vulnerability

Apache Tomcat CVE-2025-24813 Vulnerability

Description

Outbreak Alert

Affected Applications

Version Updates

References

Threat Intelligence
Center