Advanced

Remote Code Execution in Apache Tomcat: What You Should Know

CVE-2025-24813 is a Critical (CVSS 9.8), unauthenticated, remotely exploitable vulnerability in Apache Tomcat, driven by insufficient file name normalization during partial PUT request ha...

Apache Tomcat is an open-source web server and servlet container. It provides a platform for running Java-based web applications, handling tasks such as serving web pages, processing HTTP requests, and executing Java servlets and JSPs (JavaServer Pages) behind the scenes.

Tomcat has been in widespread use for a long time and is trusted in both enterprise and smaller environments. It is frequently bundled into third-party software packages or embedded in custom-built applications.

Because Tomcat is lightweight, easy to configure, and flexible, it ends up deployed in a very wide variety of places. This ubiquity is precisely why a vulnerability of this kind carries such broad potential impact — any organization running an out-of-date instance is potentially exposed.

Sign in to read this course

A free account unlocks all 514 courses. 20 are readable without one.

What's inside

3 sections
  1. 1 Table of Contents
  2. 2 Module 1: The Apache Tomcat Partial PUT Remote Code Execution Vulnerability (CVE-2025-24813)
  3. 3 Summary

More Vulnerability Briefings courses

View all 30

Interested in this course?

Contact us to book it or get a custom training plan for your team.