GreyNoise Observes Active Exploitation of Critical Apache Tomcat RCE Vulnerability (CVE-2025-24813)
ATT&CK techniques detected
T1190 Exploit Public-Facing Application
95%
T1190 Exploit Public-Facing Application
92%
", these early signs of activity suggest more exploitation is likely to follow. Geographic Distribution. Targeted Regions: The majority of exploit attempts targeted systems in the United States, Japan, India, South Korea, and Mexico, with over 70% of sessions directed at U.S.-ba…"
Summary
Attackers are actively exploiting Apache Tomcat servers by leveraging CVE-2025-24813, a newly disclosed vulnerability that, if successfully exploited, could enable remote code execution (RCE). GreyNoise has identified multiple IPs engaging in this activity across multiple regions.