See Recorded Future’s Threat Intelligence Solutions in Action

See our Threat Intelligence Solutions in Action

Reduce risk and mitigate cyber attacks, no matter your IT & security stack, maturity journey, or industry

Book a free demo

View Solutions to Reduce Risk

See Recorded Future’s Intelligence in Action

Reduce operational risk through timely, precise, and actionable intelligence.

Book a free demo

Intelligence Cloud Overview

View Services & Support Overview

View Research Overview

CVE-2025-24813

CVSS 3.1 Score 9.8 of 10 (high)

Attack Complexity low

Confidentiality high

Integrity high

Availability high

Scope unchanged

Privileges Required none

Details

Published Mar 10, 2025

Updated: Mar 21, 2025

CWE ID 44

CWE ID 502

CWE ID 706

Summary

CVE-2025-24813 is a vulnerability in Apache Tomcat affecting versions 11.0.0-M1 through 11.0.2, 10.1.0-M1 through 10.1.34, and 9.0.0.M1 through 9.0.98. Malicious users with the ability to write to the default servlet, enabled support for partial PUT, and knowledge of security sensitive file names could view or modify these files. Moreover, if an application uses Tomcat's file-based session persistence and includes a susceptible library, this vulnerability could lead to remote code execution. Users are advised to upgrade to the fixed versions 11.0.3, 10.1.35, or 9.0.99.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Tomcat

Affected Vendors

Apache Corporation

Advisories, Assessments, and Mitigations

Back to Vulnerability Database