<ul><li>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apache Tomcat path equivalence vulnerability, tracked as CVE-2025-24813, to its Known Exploited Vulnerabilities (KEV) catalog.</li><li>The Apache Tomcat vulnerability CVE-2025-24813 allows remote code execution or information disclosure if specific conditions are met.</li><li>Tomcat versions 9.0.99, 10.1.35, and 11.0 addressed the vulnerability.</li><li>Users are recommended to update their affected Tomcat versions immediately to mitigate potential threats.</li></ul>

U.S. CISA adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog

Discover more