Vulnerability Overview
Apache Tomcat Remote Code Execution Vulnerability (CVE-2025-24813)
NSFOCUS Detection Methods
NSFOCUS Remote Security Assessment System (RSAS), Web Vulnerability Scanning System (WVSS) and Network Intrusion Detection System (IDS) have the ability to scan and detect this vulnerability. Users who deploy the above devices are requested to upgrade to the latest version.
Upgrade site: NSFOCUS_Product Support Service_Product Upgrade
Risk Screening of Exposure Surface
NSFOCUS External Attack Surface Management (EASM) supports Internet asset investigation for CVE-2025-24813 vulnerability risks. It has helped service customers complete exposure surface investigation and risk verification, and to issue vulnerability early warnings and complete closed-loop remediation before threats materialize. Interested customers can contact NSFOCUS's local regional team or send an email to rs@nsfocus.com for detailed consultation.
Local Risk Screening
The NSFOCUS CTEM solution can actively and passively discover and investigate Tomcat-related assets. Using the external attack surface discovery function, the user synchronizes CVE-2025-24813 vulnerability clues to the cloud and obtains the affected assets of the target organization through asset mapping. CTEM accesses the EASM product fingerprint database and supports searching assets by port and fingerprint information. Users can match assets directly by middleware type and version in the asset list, or construct the mapping through fingerprint identification or PoC scanning. CTEM supports port scanning and can call various scanning devices. The internal version of NSFOCUS EZ also supports Tomcat service identification and CVE-2025-24813 vulnerability risk detection, which can be scanned directly with the web module. (Note: please contact NSFOCUS sales personnel for the internal version.)
Download link of the tool: https://github.com/m-sec-org/EZ/releases
Mitigation by NSFOCUS Products
NSFOCUS Web Application Protection System (WAF) already provides protection through its existing general rules. The Intrusion Prevention System (IPS) and NSFOCUS Intelligent Security Operations Platform (ISOP) have released rule upgrade packages. Please update the rule package to the latest version so that the security products can protect against and monitor for this vulnerability.
NSFOCUS WAF (Hardware)(WAF) Upgrade List
NSFOCUS NIPS(Hardware)(IPS) Upgrade List
Statement
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.
About NSFOCUS
NSFOCUS, a pioneering leader in cybersecurity, is dedicated to safeguarding telecommunications, Internet service providers, hosting providers, and enterprises from sophisticated cyberattacks.
Founded in 2000, NSFOCUS operates globally with over 4000 employees at two headquarters in Beijing, China, and Santa Clara, CA, USA, and over 50 offices worldwide. It has a proven track record of protecting over 25% of the Fortune Global 500 companies, including four of the five largest banks and six of the world’s top ten telecommunications companies.
Leveraging technical prowess and innovation, NSFOCUS delivers a comprehensive suite of security solutions, including the Intelligent Security Operations Platform (ISOP) for modern SOC, DDoS Protection, Continuous Threat Exposure Management (CTEM) Service and Web Application and API Protection (WAAP). All the solutions and services are augmented by the Security Large Language Model (SecLLM), ML, patented algorithms and other cutting-edge research achievements developed by NSFOCUS.