CVE-2025-24813 Vulnerability in Tomcat versions 9.0, 10.1 and 11.0

DSpace Community

Mar 18, 2025, 12:15:33 PM
to DSpace Community
All,

You may have already come across this, but Apache Tomcat has had a major RCE (Remote Code Execution) vulnerability (CVE-2025-24813) announced within the last week, and exploits are already occurring.

While not all installations of Tomcat may be impacted, it is important for all DSpace sites (which often use Tomcat) to review the vulnerability information and/or consider an immediate upgrade to your Tomcat installation.

Vulnerable versions of Tomcat include 9.0.0.M1 to 9.0.98, 10.1.0-M1 to 10.1.34, and 11.0.0-M1 to 11.0.2.

You are NOT impacted if you are already running Tomcat 9.0.99, 10.1.35 or 11.0.3 (or any later Tomcat release).

For more information see these resources:

Tim
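
Added example, not part of the original message: a version check against the affected ranges listed in the post, including the milestone forms (`9.0.0.M1`, `10.1.0-M1`). The function names are hypothetical and the sample text assumes the `Server version:` line that Tomcat's `bin/version.sh` prints. It reports only whether a version falls in a listed range, not whether the installation is actually impacted.

```python
import re

# First fixed release per affected branch, taken from the post above.
FIXED_PATCH = {(9, 0): 99, (10, 1): 35, (11, 0): 3}

# Matches 9.0.98, 9.0.0.M1 and 10.1.0-M1 (milestone suffix is optional).
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[.-](M\d+))?")


def parse_version(text):
    """Return (major, minor, patch, milestone) for the first version in text."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no Tomcat version found in {text!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    return major, minor, patch, m.group(4)


def cve_2025_24813_status(text):
    """Classify a version as 'vulnerable', 'fixed' or 'not-listed'."""
    major, minor, patch, _milestone = parse_version(text)
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return "not-listed"  # branch is outside the ranges the post gives
    # Milestones (x.y.0-M*) have patch 0, so they sort below every fixed release.
    return "vulnerable" if patch < fixed else "fixed"


def status_from_version_sh(output):
    """Classify from the 'Server version:' line printed by bin/version.sh."""
    for line in output.splitlines():
        if line.startswith("Server version:"):
            return cve_2025_24813_status(line)
    raise ValueError("no 'Server version:' line in output")


# Constructed sample of version.sh output, not captured from a real host.
SAMPLE_OUTPUT = """\
Server version: Apache Tomcat/9.0.98
Server built:   (constructed sample)
Server number:  9.0.98.0
"""

if __name__ == "__main__":
    print(status_from_version_sh(SAMPLE_OUTPUT))
    for v in ("9.0.99", "10.1.0-M1", "10.1.35", "11.0.2", "11.0.3", "8.5.100"):
        print(v, cve_2025_24813_status(v))
```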
