Recently, Apache Tomcat officially released a security notice disclosing a remote code execution vulnerability (CVE-2025-24813): 'file.Name' (Internal Dot) leading to remote code execution and/or information disclosure and/or malicious content added to uploaded files via a write-enabled Default Servlet in Apache Tomcat.
Apache Tomcat is an open-source, lightweight application server widely used in Java web applications. If you are an Apache Tomcat user, check your system and implement timely security hardening.
Note: Using the default servlet is safe.
Severity: critical
(Severity: low, medium, important, and critical)
Affected versions:
11.0.0-M1 <= Apache Tomcat <= 11.0.2
10.1.0-M1 <= Apache Tomcat <= 10.1.34
9.0.0.M1 <= Apache Tomcat <= 9.0.98
Secure versions:
Apache Tomcat >= 11.0.3
Apache Tomcat >= 10.1.35
Apache Tomcat >= 9.0.99
This vulnerability has been fixed in later official versions. If your service version falls into the affected range, upgrade it to the latest secure version.
https://tomcat.apache.org/security-11.html
https://tomcat.apache.org/security-10.html
https://tomcat.apache.org/security-9.html
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.
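One way to run the system check described above, as an added example that is not part of the original notice or Tomcat's own tooling: it tests a version string against the affected ranges listed here and reports whether a web.xml enables writes on the Default Servlet. It assumes the `readonly` init-param of `org.apache.catalina.servlets.DefaultServlet` (a Tomcat setting that is not named in this notice) is what turns writes on; the sample web.xml is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges listed in the notice, inclusive (milestone builds of x.y.0 included).
AFFECTED = [((11, 0, 0), (11, 0, 2)), ((10, 1, 0), (10, 1, 34)), ((9, 0, 0), (9, 0, 98))]
DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"

def parse_version(text):
    """'9.0.98', '9.0.0.M1', '11.0.0-M1', '10.1.34.0' -> (major, minor, patch)."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"not a Tomcat version: {text!r}")
    return tuple(int(g) for g in m.groups())

def is_affected(version):
    """True if the version is inside a range listed in the notice.
    False means 'fixed or not listed in this notice', not 'verified safe'."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix

def _children(elem):
    return {_local(c.tag): (c.text or "").strip() for c in elem}

def default_servlet_writable(web_xml):
    """True if a DefaultServlet declaration sets readonly=false (writes enabled)."""
    for servlet in ET.fromstring(web_xml).iter():
        if _local(servlet.tag) != "servlet" or _children(servlet).get("servlet-class") != DEFAULT_SERVLET:
            continue
        for param in servlet:  # only <init-param> children carry name/value pairs
            kv = _children(param)
            if kv.get("param-name") == "readonly" and kv.get("param-value", "").lower() == "false":
                return True
    return False

# Constructed sample: a web.xml fragment with writes enabled on the default servlet.
SAMPLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee">
  <servlet>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

if __name__ == "__main__":
    print({v: is_affected(v) for v in ("9.0.98", "9.0.99", "11.0.0-M1")})
    print("default servlet writes enabled:", default_servlet_writable(SAMPLE_WEB_XML))
```

Run it against the version your installation reports and against both the global `conf/web.xml` and each application's own `WEB-INF/web.xml`, since either can declare the servlet.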