Outbreak alert: Apache Tomcat RCE
| Description | This article describes the detection of the Apache Tomcat RCE (CVE-2025-24813).
Apache Tomcat 11.0.0-M1 through 11.0.2, 10.1.0-M1 through 10.1.34, and 9.0.0.M1 through 9.0.98 are affected by a path equivalence flaw in the default servlet. When the default servlet is write-enabled (readonly set to false; Tomcat ships with readonly=true) and partial PUT support is enabled (the default), an attacker can view or inject malicious content into sensitive files that are uploaded through the same servlet. Escalating this to remote code execution additionally requires file-based session persistence in the default storage location and a library on the application's classpath that can be leveraged in a deserialization attack. The flaw is fixed in 9.0.99, 10.1.35 and 11.0.3. |
| Scope | FortiDevSec SCA scanner updated in version 25.1. |
| Solution | Detection of this vulnerability is provided by the FortiDevSec Software Composition Analysis (SCA) scanner.
The scanner identifies the open-source dependencies in the application codebase (for example, a Tomcat artifact declared in a build file) and compares their versions against the affected ranges, so it can assess with a high confidence level whether the codebase is exposed to this specific vulnerability. Because the match is version-based, it flags a vulnerable Tomcat dependency regardless of how the default servlet is configured at deployment; the remediation for a finding is to upgrade to a fixed release (9.0.99, 10.1.35 or 11.0.3).
The SCA scanner is enabled by default. Once the scan is performed on an application, the results appear under the Software Composition Analysis tab.
A step-by-step guide on how to scan an application is available in the user guide.
For more details on mitigating the vulnerability with Fortinet products, refer to the Outbreak Alert: Apache Tomcat RCE. |
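The two checks described above, the version-range match an SCA scanner performs on a declared Tomcat dependency and the servlet configuration that makes the flaw reachable, as an added standalone example. This is illustration code written for this article, not FortiDevSec's scanner logic or Tomcat's own code. It assumes a Maven `pom.xml` for dependency declarations and a `web.xml` for the DefaultServlet `init-param` settings; the function names (`is_affected`, `tomcat_dependencies`, `default_servlet_settings`, `assess`) and the sample `pom.xml` and `web.xml` are constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")


def version_key(version):
    """Sortable key for Tomcat versions. A milestone ('9.0.0.M1', '11.0.0-M1')
    sorts before the final release with the same number."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    final = milestone is None
    return (int(major), int(minor), int(patch), int(final), 0 if final else int(milestone))


# Affected ranges from the advisory (inclusive); first fixed releases are
# 9.0.99, 10.1.35 and 11.0.3.
AFFECTED_RANGES = [("9.0.0.M1", "9.0.98"), ("10.1.0-M1", "10.1.34"), ("11.0.0-M1", "11.0.2")]


def is_affected(version):
    """True if version lies in an affected range. Branches the advisory does not
    list (8.5.x, 10.0.x) return False: they are end-of-life, not verified safe."""
    key = version_key(version)
    return any(version_key(lo) <= key <= version_key(hi) for lo, hi in AFFECTED_RANGES)


def _local(tag):
    """Strip the XML namespace: '{http://...}version' -> 'version'."""
    return tag.rsplit("}", 1)[-1]


def tomcat_dependencies(pom_xml):
    """Return [(groupId:artifactId, version)] for org.apache.tomcat* dependencies
    in a pom.xml; ${property} versions are resolved from <properties>."""
    root = ET.fromstring(pom_xml)
    props = {_local(p.tag): (p.text or "").strip()
             for node in root.iter() if _local(node.tag) == "properties" for p in node}
    found = []
    for dep in (d for d in root.iter() if _local(d.tag) == "dependency"):
        f = {_local(c.tag): (c.text or "").strip() for c in dep}
        if not f.get("groupId", "").startswith("org.apache.tomcat"):
            continue
        version = f.get("version")
        if version and version.startswith("${") and version.endswith("}"):
            version = props.get(version[2:-1])  # None if the property is not defined
        found.append((f"{f['groupId']}:{f.get('artifactId', '')}", version))
    return found


def default_servlet_settings(web_xml):
    """Effective DefaultServlet init-params that matter here. Tomcat's defaults are
    readonly=true and allowPartialPut=true, so the usual exposure is readonly=false."""
    settings = {"readonly": True, "allowPartialPut": True}
    root = ET.fromstring(web_xml)
    for servlet in (s for s in root.iter() if _local(s.tag) == "servlet"):
        cls = [c.text.strip() for c in servlet if _local(c.tag) == "servlet-class" and c.text]
        if cls != ["org.apache.catalina.servlets.DefaultServlet"]:
            continue
        for param in (p for p in servlet if _local(p.tag) == "init-param"):
            kv = {_local(c.tag): (c.text or "").strip() for c in param}
            if kv.get("param-name") in settings:
                settings[kv["param-name"]] = kv.get("param-value", "").lower() == "true"
    return settings


def preconditions_enabled(settings):
    """The CVE needs a write-enabled DefaultServlet with partial PUT support."""
    return not settings["readonly"] and settings["allowPartialPut"]


def assess(pom_xml, web_xml):
    """Combine the version check and the configuration check into findings."""
    findings = []
    for coord, version in tomcat_dependencies(pom_xml):
        if version is None:
            findings.append(f"{coord}: version could not be resolved, review manually")
        elif is_affected(version):
            findings.append(f"{coord}:{version} is in an affected range; "
                            "upgrade to 9.0.99, 10.1.35 or 11.0.3 (or later)")
    if preconditions_enabled(default_servlet_settings(web_xml)):
        findings.append("web.xml: DefaultServlet is write-enabled with partial PUT "
                        "(readonly=false, allowPartialPut=true)")
    return findings


# Constructed sample inputs for this example (not taken from any real project).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><tomcat.version>10.1.30</tomcat.version></properties>
  <dependencies><dependency>
    <groupId>org.apache.tomcat.embed</groupId><artifactId>tomcat-embed-core</artifactId>
    <version>${tomcat.version}</version>
  </dependency></dependencies>
</project>"""

SAMPLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

if __name__ == "__main__":
    for finding in assess(SAMPLE_POM, SAMPLE_WEB_XML):
        print(finding)
```

Run against the constructed inputs, `assess` reports both the affected `tomcat-embed-core:10.1.30` dependency and the `readonly=false` DefaultServlet. The milestone handling in `version_key` matters because `9.0.0.M1` and `11.0.0-M1` are the lower bounds of the affected ranges and must sort below the corresponding final release; a naive string or tuple comparison that ignores the `M` suffix would misplace them. Setting `readonly` back to `true` (or upgrading the dependency) clears the respective finding.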
