Summary: A critical remote code execution vulnerability (CVE-2025-24813) in Apache Tomcat allows attackers to take control of servers via a single crafted PUT request. The flaw was exploited shortly after its disclosure, using obfuscated Java payloads that are difficult for security tools to detect. Apache has recommended urgent upgrades and configuration changes to mitigate this severe risk.
Affected: Apache Tomcat (versions 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, 9.0.0.M1 to 9.0.98)
Key points:
- Attackers can exploit the vulnerability without authentication by sending a crafted PUT request.
- The use of base64 encoding helps the malicious content evade traditional security filters.
- Urgent upgrades to Tomcat versions 11.0.3+, 10.1.35+, or 9.0.99+ are recommended to address the vulnerability.
- Default servlet configuration changes can help mitigate the risk from future RCE vulnerabilities in Tomcat.
- Wallarm highlights a potential trend of more RCE vulnerabilities arising from Tomcat's handling of partial PUT requests.
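As an added example (not from the original advisory or from the Apache project), a small Python audit that checks a reported Tomcat version against the fixed releases listed above and inspects a conf/web.xml for a write-enabled default servlet. The `readonly` init-param of Tomcat's DefaultServlet is a real setting (default `true`) that is not named on this page; the web.xml fragments below are constructed samples.

```python
"""Audit helpers for the CVE-2025-24813 mitigations: is this Tomcat at or
above the fixed release, and does the default servlet accept PUT at all?"""
import re
import xml.etree.ElementTree as ET

# Fixed releases per branch, as listed in the advisory summary above.
FIXED = {11: (11, 0, 3), 10: (10, 1, 35), 9: (9, 0, 99)}

def parse_version(ver):
    """Turn '9.0.98', '10.1.0-M1' or '9.0.0.M1' into a comparable tuple.
    Milestone builds (M<n>) sort below the corresponding final release."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$", ver.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {ver!r}")
    major, minor, patch, ms = m.groups()
    return (int(major), int(minor), int(patch), int(ms) if ms else float("inf"))

def is_fixed_version(ver):
    """True if ver is at or above the fixed release of its branch. Branches
    the advisory does not list are treated as not fixed (manual review)."""
    parsed = parse_version(ver)
    return parsed[0] in FIXED and parsed >= FIXED[parsed[0]]

def default_servlet_writable(web_xml):
    """True if the DefaultServlet has readonly=false, i.e. it accepts PUT.
    Namespace prefixes are stripped so Tomcat 9 and 10/11 web.xml both work."""
    for servlet in ET.fromstring(web_xml).iter():
        if servlet.tag.split("}")[-1] != "servlet":
            continue
        cls, params = "", {}
        for child in servlet:
            tag = child.tag.split("}")[-1]
            if tag == "servlet-class":
                cls = (child.text or "").strip()
            elif tag == "init-param":
                kv = {c.tag.split("}")[-1]: (c.text or "").strip() for c in child}
                params[kv.get("param-name")] = kv.get("param-value")
        if cls == "org.apache.catalina.servlets.DefaultServlet":
            return params.get("readonly", "true").lower() == "false"
    return False  # no DefaultServlet declared: Tomcat's built-in default (readonly) applies

def audit(version, web_xml):
    """Combine both checks into a list of findings (empty means nothing to do)."""
    findings = []
    if not is_fixed_version(version):
        findings.append(f"Tomcat {version} predates the fixed release: upgrade")
    if default_servlet_writable(web_xml):
        findings.append("DefaultServlet readonly=false (PUT enabled): set readonly to true")
    return findings

# Constructed sample fragments in the shape of Tomcat's conf/web.xml.
WEAK_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"><servlet>
<servlet-name>default</servlet-name><servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
<init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
</servlet></web-app>"""
SAFE_WEB_XML = WEAK_WEB_XML.replace("<param-value>false<", "<param-value>true<")
```

Running `audit("9.0.98", WEAK_WEB_XML)` reports both findings; `audit("11.0.3", SAFE_WEB_XML)` returns an empty list.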