Vulnerability Overview Apache Tomcat Remote Code Execution Vulnerability (CVE-2025-24813) NSFOCUS Detection Methods NSFOCUS Remote Security Assessment System (RSAS), Web Vulnerability Scanning System (WVSS) and Network Intrusion Detection System (IDS) have the ability to scan and detect this vulnerability. Users who deploy the above devices are requested to upgrade to the latest version. Upgrade site: NSFOCUS_Product Support Service_Product Upgrade  […]

Overview Recently, NSFOCUS CERT detected that Apache issued a security announcement and fixed the remote code execution vulnerability of Apache Tomcat (CVE-2025-24813). An unauthenticated attacker can execute arbitrary code to gain server privileges when the application has servlet write enabled (disabled by default), uses Tomcat file session persistence and a default storage location, and contains […]