Tags: vulnerability, critical, Active Exploitation, Remote Code Execution, CVE-2025-24813

Mar 20, 2025 • GreyNoise Blog

GreyNoise Observes Active Exploitation of Critical Apache Tomcat RCE Vulnerability (CVE-2025-24813)

Source: GreyNoise Blog
Category: vulnerability
Severity: critical

Executive Summary

Security vendor GreyNoise has reported active exploitation of a critical remote code execution vulnerability affecting Apache Tomcat servers, identified as CVE-2025-24813. Attackers are leveraging this flaw to execute arbitrary code remotely on vulnerable instances across multiple geographic regions. While no specific threat actor group or malware family has been attributed to this campaign at this time, the active nature of the exploitation poses a significant risk to organizations running affected versions. Successful exploitation could lead to full system compromise. Immediate mitigation involves patching Apache Tomcat to the latest secure version and monitoring network traffic for suspicious activity associated with this CVE. Organizations are urged to prioritize remediation due to the critical severity rating and evidence of widespread scanning and exploitation attempts observed by intelligence providers.

Summary

Attackers are actively exploiting Apache Tomcat servers by leveraging CVE-2025-24813, a newly disclosed vulnerability that, if successfully exploited, could enable remote code execution (RCE). GreyNoise has identified multiple IPs engaging in this activity across multiple regions.

Linked Entities

  • CVE-2025-24813