9.8

Apache Tomcat: Important Security Patch Released for Remote Code Execution

ROOT-APP-MAVEN-CVE-2025-24813
Summary

A patch has been released for the Apache Tomcat library that prevents attackers from potentially running unauthorized code on your server. This affects systems running outdated versions of the library. To stay secure, update to the latest patched version of Apache Tomcat as soon as possible.

What to do
  • Update io.root.org.apache.tomcat:tomcat-catalina to version 10.1.13-root.io.9.
  • Update io.root.org.apache.tomcat:tomcat-catalina to version 10.1.13-root.io.11.
  • Update io.root.org.apache.tomcat:tomcat-catalina to version 10.1.34-root.io.1.
Affected software
Ecosystem: Root:Maven
Vendor: –
Product: io.root.org.apache.tomcat:tomcat-catalina
Affected versions:
  • < 10.1.13-root.io.9
  • < 10.1.13-root.io.11
  • < 10.1.34-root.io.1
Fix: upgrade to 10.1.13-root.io.9
Original title
CVE-2025-24813 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root
Original description
Root has patched CVE-2025-24813 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available.
Published: 18 May 2026 · Updated: 18 May 2026 · First seen: 7 Apr 2026