virus logo Intrusion Prevention

Apache.Tomcat.CVE-2025-24813.Remote.Code.Execution

description-logoDescription

This indicates an attack attempt on a Remote Code Execution vulnerability in Apache Tomcat.
The vulnerability is due to improper handling of uploaded session files and unsafe deserialization. A remote attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could gain control of the affected application.

description-logoOutbreak Alert

FortiGuard Labs has identified ongoing attack attempts aimed at exploiting the recently discovered Apache Tomcat remote code execution vulnerability, CVE-2025-24813. If successful, attackers could gain access to sensitive security files, allowing them to view or inject arbitrary content and potentially execute code remotely on target systems.

View the full Outbreak Alert Report

affected-products-logoAffected Products

Apache Tomcat 9.0.0.M1 to 9.0.98
Apache Tomcat 10.1.0-M1 to 10.1.34
Apache Tomcat 11.0.0-M1 to 11.0.2

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://tomcat.apache.org/security-9.html
https://tomcat.apache.org/security-10.html
https://tomcat.apache.org/security-11.html

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2025-04-14 31.989
Modified
 Default_action:pass:drop
2025-03-26 31.977
New
ID 57559
Created Mar 24, 2025
Updated Sep 24, 2025
CVE ID
Tags Apache Tomcat RCE Threat Signal
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Known Exploited Yes
Exploit Prediction Score 94.16%
Default Action drop
Active
Affected OS Windows, Linux
Affected App Apache
Profile Type Code Injection