Aman Mishra
2025-07-03 10:32:00
gbhackers.com
The Apache Foundation disclosed several critical vulnerabilities affecting two of its widely used software platforms, Apache Tomcat and Apache Camel, sparking immediate concern among cybersecurity experts and organizations worldwide.
Apache Tomcat, a popular platform for running Java-based web applications, was found to have a severe flaw identified as CVE-2025-24813.

This vulnerability, impacting versions 9.0.0.M1 to 9.0.98, 10.1.0-M1 to 10.1.34, and 11.0.0-M1 to 11.0.2, allows remote code execution (RCE) by exploiting the partial PUT feature when session persistence is enabled.
Critical Flaws in Popular Apache Software Exposed
The flaw enables attackers to overwrite serialized session files on disk through crafted HTTP requests, ultimately executing malicious code with Tomcat privileges.
Simultaneously, Apache revealed two additional RCE vulnerabilities in Apache Camel, a message routing middleware framework, labeled as CVE-2025-27636 and CVE-2025-29891.
These affect versions 4.10.0 to 4.10.1, 4.8.0 to 4.8.4, and 3.10.0 to 3.22.3, allowing attackers to bypass header filters due to case-sensitive logic and execute arbitrary commands, potentially leading to reverse shell attacks.

The disclosures drew a swift reaction across the threat landscape: researchers published proof-of-concept (PoC) exploits, and scans for vulnerable servers were detected in the wild shortly after the announcements.
Palo Alto Networks reported blocking 125,856 probes, scans, and exploit attempts related to these flaws in March 2025 alone, originating from over 70 countries.
Rapid Exploitation
The activity peaked within the first week of disclosure, indicating both automated scanners such as Nuclei and active exploitation attempts.
For CVE-2025-24813, exploit attempts often involved staging malicious payloads via HTTP PUT requests with specific session names and Content-Range headers, followed by HTTP GET requests to trigger deserialization of the malicious code.
Similarly, Apache Camel exploits leveraged manipulated headers to execute commands, with some attempts aiming to establish connections to out-of-band application security testing (OAST) servers.
The ease of exploiting these flaws, coupled with the widespread use of Apache software by millions of developers, underscores their severity: a successful attack could lead to data breaches or lateral movement within the network.
Palo Alto Networks has urged organizations to apply patches immediately, emphasizing that its Next-Generation Firewall with Advanced Threat Prevention, Advanced URL Filtering, and Cortex Xpanse can help mitigate the risk by identifying and blocking malicious traffic and external-facing vulnerable servers.
For those suspecting a compromise, the Unit 42 Incident Response team is available for assistance. Below is a table summarizing key Indicators of Compromise (IoCs) observed in these attacks.
Indicators of Compromise (IoCs)
| Vulnerability | Type | Details |
|---|---|---|
| CVE-2025-24813 (Tomcat) | Source IP addresses | 54.193.62.84, 96.113.95.10, 209.189.232.134, 162.241.149.101, 167.172.67.75, etc. |
| CVE-2025-24813 (Tomcat) | Activity URLs | PUT /qdigu/session, PUT /UlOLJo.session |
| CVE-2025-24813 (Tomcat) | SHA256 hash of payloads | 6a9a0a3f0763a359737da801a48c7a0a7a75d6fa810418216628891893773540, etc. |
| CVE-2025-27636, CVE-2025-29891 (Camel) | Source IP addresses | 30.153.178.49, 54.147.173.17, 54.120.8.214, 139.87.112.169, 64.39.98.52, etc. |
| CVE-2025-27636, CVE-2025-29891 (Camel) | Activity headers | CAmelHttpResponseCode, CAmelExecCommandExecutable, CAmelExecCommandArgs, CAmelBeanMethodName |
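As an added example (not code from the article, Apache, or Palo Alto Networks), the following Python triage applies the two request patterns described above to constructed request records: a partial PUT carrying a Content-Range header aimed at a session-named path, and Camel control headers arriving from an external client in any letter case. The record format, the path regular expression and the sample requests are assumptions.

```python
import re

# Camel control headers the article lists, lowercased so the mixed-case variants
# seen in the bypass attempts ("CAmel...") match the same entry.
CAMEL_CONTROL_HEADERS = {"camelhttpresponsecode", "camelexeccommandexecutable",
                         "camelexeccommandargs", "camelbeanmethodname"}

# Session-like target: last path segment is "session" or ends in ".session",
# as in the reported activity URLs /qdigu/session and /UlOLJo.session (assumed heuristic).
SESSION_PATH = re.compile(r"(^|/)[^/]*session$", re.IGNORECASE)


def tomcat_partial_put(req):
    """CVE-2025-24813 pattern: PUT carrying Content-Range to a session-like path."""
    header_names = {k.lower() for k in req["headers"]}
    return (req["method"].upper() == "PUT"
            and "content-range" in header_names
            and SESSION_PATH.search(req["path"]) is not None)


def camel_control_headers(req):
    """Camel pattern: Camel control headers supplied by an external client, in any
    letter case (the vulnerable filter only compared case-sensitively)."""
    return sorted(k for k in req["headers"] if k.lower() in CAMEL_CONTROL_HEADERS)


def triage(requests):
    """Return (index, finding) pairs for every request matching either pattern."""
    findings = []
    for i, req in enumerate(requests):
        if tomcat_partial_put(req):
            findings.append((i, "tomcat-partial-put"))
        hdrs = camel_control_headers(req)
        if hdrs:
            findings.append((i, "camel-headers:" + ",".join(hdrs)))
    return findings


# Constructed sample records (assumed format, not captured traffic).
SAMPLE_REQUESTS = [
    {"method": "PUT", "path": "/qdigu/session",
     "headers": {"Content-Range": "bytes 0-999/1200", "Content-Type": "application/octet-stream"}},
    {"method": "GET", "path": "/index.html", "headers": {"Accept": "text/html"}},
    {"method": "POST", "path": "/orders",
     "headers": {"CAmelExecCommandExecutable": "placeholder", "CAmelExecCommandArgs": "placeholder"}},
    {"method": "PUT", "path": "/uploads/report.pdf", "headers": {"Content-Range": "bytes 0-99/500"}},
]

if __name__ == "__main__":
    for idx, finding in triage(SAMPLE_REQUESTS):
        print(idx, finding)
```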