Key points:
- One of the malicious IP addresses actively attempting to exploit CVE-2025-24813 was observed targeting systems in Indonesia, indicating a direct threat.
- CVE-2025-24813 is a critical vulnerability in Apache Tomcat allowing unauthenticated remote code execution under specific configurations.
- Successful exploitation requires specific settings, including write permissions for the default servlet and enabled partial PUT support.
- Publicly available proof-of-concept exploits increase the likelihood of widespread exploitation attempts targeting vulnerable Tomcat servers.
- Indicators of compromise include unexpected JSP files, suspicious web requests, and unusual PUT requests in server logs.
What the Indonesian Government and Related Institutions Should Do:
- Issue an immediate alert to organizations utilizing Apache Tomcat, particularly government agencies and critical infrastructure, to assess their exposure to CVE-2025-24813.
- Mandate the patching or upgrading of vulnerable Apache Tomcat versions (including 8.5.x) to the latest secure versions as a priority across all relevant sectors.
What Indonesian Citizens Should Know and Do:
- IT professionals and system administrators should verify their Apache Tomcat installations against the vulnerable versions listed in the article and apply the recommended security updates promptly.
- Implement network-level controls, such as access restrictions, for Apache Tomcat servers if immediate patching is not possible, and continuously monitor server logs for any suspicious activity.
Read more: https://www.recordedfuture.com/blog/apache-tomcat-cve-2025-24813-vulnerability-analysis