CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Apr 22, 2025

High

CISA KEV

CVE-2025-24813

Apache—Tomcat

Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request.

Required Action

This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq ; https://nvd.nist.gov/vuln/detail/CVE-2025-24813

Vulnerability Overview

Severity: High
CISA KEV: Yes
Ransomware: Unknown
Published: Apr 1, 2025
KEV Added: Apr 1, 2025
Due Date: Apr 22, 2025
Related Articles: 0

Vendor

Apache

Tomcat