A critical vulnerability, CVE-2025-24813, has been discovered in Apache Tomcat that could allow unauthorised access to an internal network.
This flaw originates from the improper handling of path equivalence checks when processing filenames containing internal dots, allowing attackers to manipulate filenames in a way that performs unauthorised actions and reveals information.
This vulnerability is particularly serious due to the widespread use of Apache Tomcat in enterprises, which means that many organisations could be at risk.
It affects versions 9.0.0.M1 to 9.0.98 of Apache Tomcat, and users are advised to update their software as soon as possible.
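To turn the affected range stated above into something an administrator can actually check, the following is an added Python example; it is not from the original advisory or from the Tomcat project. It parses Tomcat version strings, including the `9.0.0.M1` milestone form (milestones sort before the final release of the same number), reports whether a version falls inside the 9.0.0.M1 to 9.0.98 range given above, and reads the version out of a banner modelled on what `catalina.sh version` prints. The sample banner is constructed; only the 9.0.x range from this page is encoded, so other branches are reported as outside that range.

```python
import re

# Affected range exactly as stated in the advisory text above (inclusive).
# Only the 9.0.x branch is modelled here; consult Tomcat's own advisory for
# other branches, which this page does not cover.
AFFECTED_MIN = "9.0.0.M1"
AFFECTED_MAX = "9.0.98"

# Accepts "9.0.98", "9.0.0.M1" and the hyphenated milestone form "9.0.0-M1".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")


def parse_tomcat_version(version):
    """Convert a Tomcat version string into a tuple that sorts chronologically.

    A milestone build (M<n>) precedes the final release with the same
    major.minor.patch, so milestones get rank 0 and finals get rank 1.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def is_affected(version):
    """True if `version` lies within the affected range quoted on this page."""
    v = parse_tomcat_version(version)
    return parse_tomcat_version(AFFECTED_MIN) <= v <= parse_tomcat_version(AFFECTED_MAX)


_BANNER_RE = re.compile(r"Apache Tomcat/(\S+)")


def version_from_banner(text):
    """Extract the version from a 'Server version: Apache Tomcat/<ver>' line,
    the format printed by `catalina.sh version` (assumed here)."""
    m = _BANNER_RE.search(text)
    if not m:
        raise ValueError("no Apache Tomcat version banner found")
    return m.group(1)


# Constructed sample, modelled on `catalina.sh version` output (not a real capture).
SAMPLE_BANNER = """Server version: Apache Tomcat/9.0.98
Server number:  9.0.98.0
OS Name:        Linux"""


def check_banner(text):
    """Return (version, affected) for a version banner."""
    ver = version_from_banner(text)
    return ver, is_affected(ver)


if __name__ == "__main__":
    for candidate in ["9.0.0.M1", "9.0.0", "9.0.98", "9.0.99", "8.5.100"]:
        print(f"{candidate:10} affected={is_affected(candidate)}")
    print(check_banner(SAMPLE_BANNER))
```

Run it against the output of `catalina.sh version` on each host (or feed the banner string into `check_banner`) to get a quick affected/not-affected answer before scheduling the upgrade; the milestone handling matters because a naive string comparison would place `9.0.0.M1` after `9.0.0`.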
Educational resources on how to identify and exploit the vulnerability are available online, although users are advised not to exploit such vulnerabilities without authorisation, as it is illegal and punishable by law.