CVE-2025-24813: Apache Tomcat Path Equivalence Vulnerability. Apache Tomcat
Apache Tomcat Path Equivalence Vulnerability. Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request.
- CISA KEV-listed (remediation due 2025-04-22)
- EPSS 94.1% (99.9% percentile)