CSOonline

Tomcat PUT to active abuse as Apache deals with critical RCE flaw

Apache Software’s open-source web container for handling Java-based web applications, Tomcat, is under active attacks through a critical RCE flaw the company disclosed last week. According to API ...
Bleeping Computer

Critical RCE flaw in Apache Tomcat actively exploited in attacks

A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request.
Hosted on MSN

'Dead simple' hijacking hole in Apache Tomcat 'now actively exploited in the wild'

The vulnerability is CVE-2025-24813, and was revealed on March 10 along with updates to close the hole in the open source web server software. According to API security shop Wallarm, an exploit for ...