About the Vulnerability

Introduction

The Apache Tomcat software is an open-source implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Annotations, and Jakarta Authentication specifications. These specifications are part of the Jakarta EE platform.

Summary

On March 11, 2025, Sangfor FarSight Labs received notification of a remote code execution vulnerability in Apache Tomcat (CVE-2025-24813), which it classifies as high in threat level (the Apache Tomcat security team rates it Important).

The flaw lies in the DefaultServlet's handling of partial PUT requests: the original implementation built the temporary file name from the user-supplied path with the path separator replaced by ".", so an attacker who can write through the default servlet can read security-sensitive files uploaded by other users, inject content into them, and, when the application also uses Tomcat's file-based session persistence in its default location and ships a library usable in a deserialization attack, execute code remotely. Per the Apache advisory, every exploitation path requires writes to be enabled for the default servlet (readonly=false, which is disabled by default) and partial PUT support to be enabled (the default).

Affected Versions

9.0.0.M1 ≤ Apache Tomcat ≤ 9.0.98

10.1.0-M1 ≤ Apache Tomcat ≤ 10.1.34

11.0.0-M1 ≤ Apache Tomcat ≤ 11.0.2

Solutions

Remediation Solutions

Check the System Version

On a Windows system, run version.bat in the Tomcat bin directory (version.sh on Linux and macOS) and read the "Server version" line of the output; compare it against the affected ranges above.
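The following is an added example, not code from the Sangfor advisory or the Tomcat project. It automates the two checks a practitioner wants here: it reads the "Server version" line printed by bin/version.sh or version.bat and places it in the affected ranges listed above, and it inspects conf/web.xml for the DefaultServlet readonly=false setting that the attack requires (the precondition the upgrade advice relies on). The function names and the sample version output and web.xml fragment are this example's own constructions.

```python
# Added example (not from the Sangfor advisory or the Tomcat project): an
# offline checker for CVE-2025-24813 exposure. It parses the "Server version"
# line from bin/version.sh or version.bat output, places it in the affected
# ranges from the advisory, and inspects conf/web.xml for a DefaultServlet
# with readonly=false. Function names and sample inputs are constructed here.
import re
import xml.etree.ElementTree as ET

# Inclusive last vulnerable patch level per branch, from the advisory. Every
# milestone build of these branches (9.0.0.M1, 10.1.0-M1, 11.0.0-M1, ...) is
# affected as well, so milestone suffixes only need to parse, not compare.
LAST_VULNERABLE = {(9, 0): 98, (10, 1): 34, (11, 0): 2}
FIXED_IN = {(9, 0): "9.0.99", (10, 1): "10.1.35", (11, 0): "11.0.3"}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?")
DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"


def parse_version(text):
    """Return (major, minor, patch, milestone) from version.sh/version.bat
    output or a bare version string; milestone is None for GA releases."""
    # Prefer the "Server version:" line so JVM or JRE_HOME path versions
    # printed earlier in the output are not picked up by mistake.
    for line in text.splitlines():
        if line.strip().startswith("Server version:"):
            text = line
            break
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError("no Tomcat version found in: %r" % text)
    major, minor, patch, milestone = m.groups()
    return int(major), int(minor), int(patch), (int(milestone) if milestone else None)


def version_status(text):
    """'affected', 'fixed', or 'not listed' (branch absent from the advisory,
    e.g. end-of-life 8.5.x, which must not be read as 'safe')."""
    major, minor, patch, _ = parse_version(text)
    last = LAST_VULNERABLE.get((major, minor))
    if last is None:
        return "not listed"
    return "affected" if patch <= last else "fixed"


def _local(tag):
    # Strip the XML namespace; Tomcat 9 and 10/11 web.xml files use different ones.
    return tag.rsplit("}", 1)[-1]


def default_servlet_writable(web_xml_text):
    """True if conf/web.xml enables writes (PUT/DELETE) on the DefaultServlet.
    Tomcat parses the value with Boolean.parseBoolean, so only the literal
    'true' (any case) keeps the servlet read-only; absent, it is read-only."""
    root = ET.fromstring(web_xml_text)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        cls = next((c.text or "" for c in servlet if _local(c.tag) == "servlet-class"), "")
        if cls.strip() != DEFAULT_SERVLET:
            continue
        for param in (p for p in servlet if _local(p.tag) == "init-param"):
            fields = {_local(c.tag): (c.text or "").strip() for c in param}
            if fields.get("param-name") == "readonly":
                return fields.get("param-value", "").lower() != "true"
        return False  # no readonly param: Tomcat's default is read-only
    return False  # no DefaultServlet declared in this file


def assess(version_output, web_xml_text):
    """Combine both checks into the verdict an operator wants."""
    status = version_status(version_output)
    writable = default_servlet_writable(web_xml_text)
    major, minor, _, _ = parse_version(version_output)
    return {
        "status": status,
        "default_servlet_writable": writable,
        "exploitable_preconditions_met": status == "affected" and writable,
        "upgrade_to": FIXED_IN.get((major, minor)),
    }


# Constructed sample inputs (not captured from a real host).
SAMPLE_VERSION_OUTPUT = """\
Using CATALINA_BASE:   /opt/tomcat
Using JRE_HOME:        /usr/lib/jvm/java-17-openjdk-17.0.9
Server version: Apache Tomcat/9.0.98
Server number:  9.0.98.0
JVM Version:    17.0.9+9
"""

SAMPLE_WEB_XML = """\
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>
"""

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION_OUTPUT, SAMPLE_WEB_XML))
```

In practice, feed it `bin/version.sh` output and the contents of `conf/web.xml` (and any per-application WEB-INF/web.xml that redeclares the default servlet). A "not listed" status means the branch is outside the advisory, which for end-of-life branches such as 8.5.x is not a statement that they are unaffected.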

Official Solution

Apache has released fixed versions. Affected users are advised to upgrade Tomcat to one of the following:

Apache Tomcat 11.0.3 or versions above

Apache Tomcat 10.1.35 or versions above

Apache Tomcat 9.0.99 or versions above

Until the upgrade is applied, confirm that the DefaultServlet in conf/web.xml does not set readonly to false (it is read-only by default); without write access through the default servlet, none of the exploitation paths described in the advisory apply.

Advisory: https://tomcat.apache.org/security-11.html (Tomcat 10 and 9 users should consult security-10.html and security-9.html on the same site)

Sangfor Solutions

Risky Assets Detection

Sangfor products can proactively detect Apache Tomcat installations and quickly identify, in batch, which assets in a business environment are affected by this event. Related product is as follows:

[Sangfor aES] has released a detection scheme, with Fingerprint ID: 0006642.

Vulnerability Proactive Detection

Sangfor products can proactively detect the Apache Tomcat Remote Code Execution Vulnerability (CVE-2025-24813) and quickly identify, in batch, whether business systems are exposed to it. Related products are as follows:

[Sangfor Cyber Guardian MDR] is expected to release a detection scheme on March 16, 2025, with Rule ID: SF-20005-21041.

[Sangfor Omni-Command XDR] is expected to release a detection scheme on March 16, 2025, with Rule ID: SF-0005-21040.

Timeline

On March 11, 2025, Sangfor FarSight Labs received notification of Apache Tomcat Remote Code Execution Vulnerability.

On March 11, 2025, Sangfor FarSight Labs released a vulnerability alert.

Reference

https://tomcat.apache.org/security-11.html
