Apache Tomcat RCE

What is the Vulnerability?

On March 10, 2025, Apache issued a security advisory regarding a critical vulnerability (CVE-2025-24813) affecting the Apache Tomcat web server. This flaw could allow attackers to view or inject arbitrary content into security-sensitive files and potentially achieve remote code execution.

Exploit code for this vulnerability is publicly available, and no authentication is required to launch an attack, making prompt mitigation essential. According to Apache, successful exploitation requires specific configuration conditions to be met; where they are, an attacker may be able to view or manipulate sensitive files or execute code remotely.

What is the recommended Mitigation?

Impacted users should implement the recommended mitigations provided by Apache and follow the instructions outlined in the vendor's advisory:
https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq

- Upgrade to Apache Tomcat 11.0.3 or later
- Upgrade to Apache Tomcat 10.1.35 or later
- Upgrade to Apache Tomcat 9.0.99 or later
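A small version-triage helper, added here as an example (not Fortinet's or Apache's tooling), that compares a Tomcat banner or the output of `bin/version.sh` against the fixed releases listed above so an inventory can be sorted into patched and unpatched hosts; the host list is constructed.

```python
"""Triage Apache Tomcat versions against the CVE-2025-24813 fixed releases.
Constructed example: the inventory below is made up, not real hosts."""
import re

# Earliest fixed release per supported branch, as listed in the advisory above.
FIXED_VERSIONS = {
    (11, 0): (11, 0, 3),
    (10, 1): (10, 1, 35),
    (9, 0): (9, 0, 99),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract the first x.y.z version from a banner or version.sh line,
    e.g. "Server version: Apache Tomcat/9.0.98" or "Server number: 9.0.98.0"."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Tomcat version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def assess(version):
    """Return 'fixed', 'vulnerable' or 'unknown-branch' for a parsed version.
    Branches the advisory does not list (e.g. 8.5.x) need manual review."""
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        return "unknown-branch"
    return "fixed" if version >= fixed else "vulnerable"


# Constructed sample inventory: hostname -> banner string captured from the host.
SAMPLE_INVENTORY = {
    "app-01.example.internal": "Server version: Apache Tomcat/9.0.98",
    "app-02.example.internal": "Server number: 10.1.35.0",
    "app-03.example.internal": "Apache Tomcat/11.0.2",
    "legacy.example.internal": "Apache Tomcat/8.5.100",
}


def triage(inventory):
    """Map each host to its CVE-2025-24813 status."""
    return {host: assess(parse_version(banner)) for host, banner in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items(), key=lambda kv: kv[1]):
        print(f"{host:28} {status}")
```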

What FortiGuard Coverage is available?

  • FortiGuard Labs has IPS protection available to detect and block attack attempts targeting CVE-2025-24813 in the Apache Tomcat web server. https://www.fortiguard.com/encyclopedia/ips/57559

  • FortiGuard Endpoint Vulnerability Service provides a systematic and automated method of patching applications on an endpoint, eliminating manual processes while reducing the attack surface. https://www.fortiguard.com/encyclopedia/endpoint-vuln/84317

  • The FortiGuard Incident Response team can be engaged to help with any suspected compromise.

Outbreak Alert

FortiGuard Labs has identified ongoing attack attempts aimed at exploiting the recently discovered Apache Tomcat remote code execution vulnerability, CVE-2025-24813. If successful, attackers could gain access to sensitive security files, allowing them to view or inject arbitrary content and potentially execute code remotely on target systems.

View the full Outbreak Alert Report

Additional Resources

Apache Advisory
The Register