Security Issues
Apache Tomcat (CVE-2025-24813): to those who are using Tomcat, you will 100% get hacked if you don't upgrade.
Reference link: https://cybersecuritynews.com/apache-tomcat-vulnerability-rce-attacks/
Mitigations
Administrators must:
- Deploy Tomcat 11.0.3, 10.1.35, or 9.0.98 to apply the fix.
- If upgrading isn't feasible, set allowPartialPut="false" in the DefaultServlet configuration.
- Ensure the default servlet’s readonly parameter remains true (default) to block unauthorized writes.
- Remove or update libraries susceptible to deserialization attacks (e.g., outdated XStream or JDK serialization modules).
For Java environments, additional measures include:
- Java 17: Set -Dsun.io.useCanonCaches=false to prevent case-insensitive filesystem conflicts.
- Java 21+: No further action required, as the problematic cache system was removed.
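Added example (not from the post or the Tomcat project): a small Python check that reads a Tomcat web.xml and reports whether the two DefaultServlet settings listed above (readonly, allowPartialPut) are in place. The two web.xml fragments are constructed samples; the defaults assumed for absent parameters are Tomcat's documented ones.

```python
import xml.etree.ElementTree as ET

# Constructed sample: DefaultServlet opened up for writes (readonly=false), partial PUT left at default.
WEAK_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

# Constructed sample: both mitigations from the post applied.
HARDENED_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>true</param-value></init-param>
    <init-param><param-name>allowPartialPut</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

def _local(tag):
    # Strip the XML namespace so Tomcat 9 (javaee) and 10/11 (jakartaee) files parse the same way.
    return tag.rsplit("}", 1)[-1]

def default_servlet_params(web_xml):
    """Return the init-params of the servlet backed by DefaultServlet, or {} if none is declared."""
    for servlet in ET.fromstring(web_xml).iter():
        if _local(servlet.tag) != "servlet":
            continue
        cls = next((c.text or "" for c in servlet if _local(c.tag) == "servlet-class"), "")
        if not cls.strip().endswith("DefaultServlet"):
            continue
        params = {}
        for ip in (e for e in servlet if _local(e.tag) == "init-param"):
            fields = {_local(c.tag): (c.text or "").strip() for c in ip}
            if "param-name" in fields:
                params[fields["param-name"]] = fields.get("param-value", "")
        return params
    return {}

def audit_default_servlet(web_xml):
    """List findings against the post's mitigations; absent params take Tomcat defaults (readonly=true, allowPartialPut=true)."""
    p = default_servlet_params(web_xml)
    findings = []
    if p.get("readonly", "true").lower() == "false":
        findings.append("readonly=false: DefaultServlet accepts PUT/DELETE writes")
    if p.get("allowPartialPut", "true").lower() != "false":
        findings.append("allowPartialPut is not set to false (Tomcat default is true)")
    return findings
```

Run it against the server's conf/web.xml with `audit_default_servlet(open(path).read())`; a webapp's own WEB-INF/web.xml can redeclare the default servlet's init-params, so check those files as well.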