Critical RCE Flaw in Apache Tomcat: What to Know
Fellow Linux admins,
Malicious threat actors are currently exploiting a remote code execution via deserialization flaw in Apache Tomcat servers worldwide and may be putting regular users at risk of having their data exposed. Tomcat is widely used to deploy and serve Java-based web applications. This flaw could be used to distribute malware or phishing content to users, potentially leading to further security breaches on users' systems.
Learn more about Apache Tomcat and how this "deserialization" hack allows an attacker to upload files that, when processed by the server, could lead to data exposure, server compromise or distribution of malicious content.
You'll also learn about critical flaws recently discovered and fixed in Chrome, which could allow attackers to execute arbitrary code, steal sensitive information, or crash the browser, causing significant disruptions.
If you found value in today’s newsletter, please share it with your friends! Do you have a Linux security-related topic you'd like to cover for our audience? We welcome contributions from passionate, insightful community members who share our love for Linux and security!
Yours in Open Source,

Dave Wreski
LinuxSecurity Founder
Apache Tomcat
The Discovery
Apache Tomcat servers worldwide are under attack after the discovery of CVE-2025-24813, an actively exploited remote code execution (RCE) flaw.

Chrome
The Discovery
Several critical flaws were recently discovered in Chrome, including an out-of-bounds read in V8 and defects across DevTools Profiles and PDFium.


