A recently disclosed security flaw impacting Apache Tomcat is actively exploited in the wild following the release of a public proof-of-concept just thirty hours after public disclosure. CVE-2025-24813 is the (for a short while) attackers new best friend since authentication is not required to pull off an attack Tomcat is an infrastructure component: its embedded in something else you own and run. As such, it might not be on your radar. After all, you bought and paid for Biggus Software I...
