Advisory 84: Apache Tomcat Path Equivalence Vulnerability – CVE-2025-24813

Release Date: 1st of April 2025

Impact: HIGH / CRITICAL

TLP Rating: Clear

CERT Vanuatu (CERTVU) and the Department of Communication and Digital Transformation (DCDT) provide the following advisory.
This alert is relevant to organizations that use the above products. It is intended for technical users.

What is it?

Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request.

 

References

1. https://www.cisa.gov/known-exploited-vulnerabilities-catalog

2. https://www.cve.org/CVERecord?id=CVE-2025-24813

3. https://www.cyber.gc.ca/en/alerts-advisories/vulnerability-impacting-apache-tomcat-cve-2025-24813