FortiGuard Outbreak Alert: Apache Tomcat RCE
| Description | Apache Tomcat is popular open-source software for deploying and running Java web applications.
FortiGuard Labs have observed active exploration of CVE-2025-24813 in Apache Tomcat.
CVE-2025-24813 is a remote code execution vulnerability in Apache Tomcat that could allow attackers to view sensitive information and write information to the system.
The following versions of Tomcat are vulnerable to CVE-2025-24813: |
| CVE ID | CVE-2025-24813 (https://nvd.nist.gov/vuln/detail/CVE-2025-24813) |
| NDR Cloud Detection Rule | FortiNDR Cloud v25.2+ |
| Playbook | N/A |
| Threat Hunting | FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for “Apache Tomcat RCE” related activities. IOC source: https://www.fortiguard.com/outbreak-ioc?tag=apache%20tomcat%20rce
All IOCs listed above have been added to Threat Intelligence Intel. |
| Suricata Coverage | Customers can create custom investigation/detections using the Suricata signatures below: 2060801 -> ET WEB_SPECIFIC_APPS Apache Tomcat Path Equivalence (CVE-2025-24813) |
| Other Fortinet Products | For more details regarding mitigating the vulnerability by utilizing Fortinet products, please refer to: |
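
As an added example (not Fortinet's code and not part of the original alert), the following Python triages Suricata EVE JSON output for the signature ID 2060801 listed under Suricata Coverage, grouping hits by targeted server so Tomcat hosts with alerts that were allowed through can be reviewed first. It assumes standard EVE alert fields; the function name `hunt`, the sample log lines, the addresses and the unrelated SID 2000001 are constructed for illustration.

```python
import json
from collections import defaultdict

SID = 2060801  # signature ID quoted in the Suricata Coverage row

# Constructed EVE JSON sample (documentation-range addresses), not real telemetry.
SAMPLE_EVE = "\n".join([
    '{"timestamp":"2025-03-20T10:01:02.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.10","dest_port":8080,"alert":{"action":"allowed","signature_id":2060801}}',
    '{"timestamp":"2025-03-20T10:05:40.000000+0000","event_type":"alert","src_ip":"203.0.113.9","dest_ip":"192.0.2.10","dest_port":8080,"alert":{"action":"blocked","signature_id":2060801}}',
    '{"timestamp":"2025-03-20T10:06:00.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.20","dest_port":443,"alert":{"action":"allowed","signature_id":2000001}}',
    '{"timestamp":"2025-03-20T10:07:00.000000+0000","event_type":"http","src_ip":"198.51.100.7","dest_ip":"192.0.2.10","dest_port":8080}',
    '{"timestamp":"2025-03-20T09:59:00.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.10","dest_port":8080,"alert":{"action":"allowed","signature_id":2060801}}',
    '{"truncated line',
])


def hunt(eve_lines, sid=SID):
    """Group alerts for `sid` by targeted server (dest_ip, dest_port)."""
    hits = defaultdict(lambda: {"count": 0, "sources": set(), "first": None,
                                "last": None, "allowed": 0})
    for line in eve_lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(ev, dict) or ev.get("event_type") != "alert":
            continue
        alert = ev.get("alert") or {}
        if alert.get("signature_id") != sid:
            continue
        h = hits[(ev.get("dest_ip"), ev.get("dest_port"))]
        h["count"] += 1
        h["sources"].add(ev.get("src_ip"))
        # Assumption: all timestamps share one format and UTC offset,
        # so plain string comparison orders them correctly.
        ts = ev.get("timestamp", "")
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
        # "allowed" means the sensor did not drop the traffic
        h["allowed"] += alert.get("action") == "allowed"
    return dict(hits)


if __name__ == "__main__":
    for (ip, port), h in sorted(hunt(SAMPLE_EVE.splitlines()).items()):
        print(f"{ip}:{port} hits={h['count']} allowed={h['allowed']} "
              f"sources={sorted(h['sources'])} {h['first']} .. {h['last']}")
```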
