
Apache Tomcat: Vulnerable versions downloaded nearly 100K times since PoC

A rapidly exploited vulnerability with a major blast radius

A recently disclosed vulnerability in Apache Tomcat, CVE-2025-24813, is drawing significant attention due to its ease of exploitation, rapid adoption by attackers, and widespread usage across enterprise environments. This vulnerability is a blend of path traversal issues and deserialization flaws, potentially allowing for remote code execution (RCE) or the exfiltration of sensitive data.

*** This is a Security Bloggers Network syndicated blog from 2024 Sonatype Blog authored by Aaron Linskens. Read the original post at: https://www.sonatype.com/blog/apache-tomcat-vulnerability-widespread-exploitation-and-key-insights-from-sonatype
