Vulnerability Management, Patch/Configuration Management

Attacks Exploiting Critical Apache Tomcat Flaw Under Way

Threat actors have been leveraging the critical Apache Tomcat vulnerability, tracked as CVE-2025-24813, in ongoing intrusions, SC Media reports.

The flaw stems from the way the server platform processes PUT requests; exploiting it could let attackers bypass security protections, execute malicious commands, and fully take over targeted servers, according to an analysis from Wallarm.

Attackers abusing the flaw could also go on to upload malicious JSP files, alter configuration, and inject backdoors.

"This attack is dead simple to execute and requires no authentication," said Wallarm researchers. "The only requirement is that Tomcat is using file-based session storage, which is common in many deployments. Worse, base64 encoding allows the exploit to bypass most traditional security filters, making detection challenging."

Administrators have been urged to update immediately to Apache Tomcat 11.0.3, 10.1.35, or 9.0.98 to address the bug, which researchers regard as a symptom of a broader issue within the platform.
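A fleet check against the fixed releases named above, as an added example that is not part of the article or of Wallarm's analysis: it parses the version from `catalina.sh version` style output for each host and reports whether that host is on a fixed release for its branch. The inventory lines are constructed sample data, and branches with no fix named on this page (8.5 and earlier, the end-of-life 10.0 line) are treated as unpatched.

```python
"""Report which Tomcat hosts are below the releases that fix CVE-2025-24813.

Added example, not from the article. Fixed versions are the ones the
article names: 11.0.3, 10.1.35 and 9.0.98. Sample inventory is constructed.
"""
import re

# Minimum fixed release per major version, taken from the article.
FIXED_RELEASES = {11: (11, 0, 3), 10: (10, 1, 35), 9: (9, 0, 98)}

# Constructed sample: "<host> <output of catalina.sh version>" per line.
SAMPLE_INVENTORY = """\
web-01 Server version: Apache Tomcat/9.0.97
web-02 Server version: Apache Tomcat/9.0.98
app-01 Server version: Apache Tomcat/10.1.34
app-02 Server version: Apache Tomcat/11.0.3
legacy Server version: Apache Tomcat/8.5.100
"""


def parse_version(text):
    """Return (major, minor, patch) from the first x.y.z found in text."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_patched(version):
    """True if the version is at or above the fixed release for its branch.

    Majors without a named fix (8.x and below) are reported as unpatched,
    as is 10.0.x, which is below the 10.1.35 fix for the 10 line.
    """
    fixed = FIXED_RELEASES.get(version[0])
    return fixed is not None and version >= fixed


def audit(inventory):
    """Map each host in the inventory text to True (patched) or False."""
    results = {}
    for line in inventory.splitlines():
        host, _, version_output = line.partition(" ")
        results[host] = is_patched(parse_version(version_output))
    return results


if __name__ == "__main__":
    for host, ok in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {'patched' if ok else 'UPDATE REQUIRED'}")
```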
