Tomcat CVE-2025-24813: What You Need to Know
A breakdown of CVE-2025-24813 in Apache Tomcat—what it is, who’s actually at risk, and why most users likely aren’t affected. Keep calm and patch your servers.
A lot of noise is swirling around this Apache Tomcat RCE chain—but should you be worried? Our security researcher Jon Williams breaks it down:
- Patches are available—upgrade immediately if you can.
- Most Tomcat instances aren’t vulnerable unless specific settings are misconfigured.
- Reports of active exploitation may be exaggerated.