Tomcat vulnerability CVE-2025-24813

Hi,

Summary: Apache Tomcat is vulnerable to a Path Equivalence issue, allowing for remote code execution, information disclosure, and injection of malicious content into uploaded files. The vulnerability affects versions 11.0.0-M1 through 11.0.2, 10.1.0-M1 through 10.1.34, and 9.0.0.M1 through 9.0.98. If certain conditions are met, a malicious user can view security-sensitive files, inject content, and execute arbitrary code. Users are advised to upgrade to version 11.0.3, 10.1.35, or 9.0.99 to mitigate the issue.
Impact: If exploited, this vulnerability could lead to the compromise of security-sensitive files, injection of malicious content, and remote code execution on the affected system.
Remediation: Apply the latest patches and updates provided by the respective vendors.


Do you have a plan for a new release to upgrade Tomcat to version 9.0.99 soon?
Apache Tomcat® - Apache Tomcat 9 vulnerabilities
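For anyone checking an inventory against the version ranges quoted in the post, here is a small added helper (my own example, not code from the post or from ManageEngine) that parses Tomcat version strings, including milestone builds such as 9.0.0.M1 and 10.1.0-M1, and reports whether a given version falls inside the affected ranges listed above. It assumes the ranges in the post are complete; versions of branches the post does not mention are simply reported as "not in the listed ranges".

```python
import re

# Affected ranges exactly as quoted in the post (inclusive at both ends).
AFFECTED_RANGES = [
    ("9.0.0.M1", "9.0.98"),
    ("10.1.0-M1", "10.1.34"),
    ("11.0.0-M1", "11.0.2"),
]

# First fixed release per major branch, also from the post.
FIXED_VERSIONS = {9: "9.0.99", 10: "10.1.35", 11: "11.0.3"}

# Matches "9.0.98", "9.0.0.M1" and "10.1.0-M1" (both milestone spellings Tomcat has used).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")


def parse_version(version):
    """Turn a Tomcat version string into a sortable tuple.

    Milestone builds sort before the GA release of the same number, so the
    tuple is (major, minor, patch, is_ga, milestone_number).
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def is_affected(version):
    """True if `version` lies inside one of the ranges quoted in the post."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED_RANGES)


def assess(version):
    """Short verdict string for an inventory report."""
    major = parse_version(version)[0]
    if is_affected(version):
        return f"{version}: AFFECTED by CVE-2025-24813, upgrade to {FIXED_VERSIONS[major]}"
    return f"{version}: not in the affected ranges listed for CVE-2025-24813"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for v in ("9.0.98", "9.0.99", "10.1.0-M1", "11.0.3"):
        print(assess(v))
```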