Apache News Articles

Apache InLong CVE-2025-27522 Exposes RCE Attacks

CVE-2025-27522 affects Apache InLong 1.13.0–2.1.0, enabling remote code execution via unsafe deserialization.

17 hours ago

Apache Parquet exploit tool detect servers vulnerable to critical flaw

A proof-of-concept exploit has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers.

3 weeks ago

Apache Parquet Java Vulnerability CVE-2025-46762 RCE Risk

A vulnerability in Apache Parquet Java (CVE-2025-46762) exposes systems to remote code execution (RCE) attacks.

4 weeks ago

PoC Published for Exploited SonicWall Vulnerabilities

PoC code targeting two exploited SonicWall vulnerabilities was published just CISA added them to the KEV catalog.

4 weeks ago

watchTowr Warns of Active Exploitation of SonicWall SMA 100 Devices

watchTowr reveals active exploitation of SonicWall SMA 100 vulnerabilities (CVE-2024-38475 & CVE-2023-44221) leading to full system takeover.

1 month ago

CISA Confirms Exploitation of SonicWall Vulnerabilities

The US Cybersecurity and Infrastructure Security Agency has added two flaws affecting SonicWall products to its catalog of Known Exploited Vulnerabilities

1 month ago

Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221) - Help Net Security

Attackers have exploited known vulnerabilities (CVE-2024-38475, CVE-2023-44221) to compromise Sonicwall secure mobile access devices.

1 month ago

CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation

1 month ago

SonicBoom, From Stolen Tokens to Remote Shells - SonicWall SMA (CVE-2023-44221, CVE-2024-38475)

Another day, another edge device being targeted - it’s a typical Thursday! In today’s blog post, we’re excited to share our previously private analysis of the now exploited in-the-wild N-day vulnerabilities affecting SonicWall’s SMA100 appliance. Over the last few months, our client base has fed us

1 month ago

Two SonicWall SMA100 flaws actively exploited in the wild

SonicWall confirmed that threat actors actively exploited two vulnerabilities impacting its SMA100 Secure Mobile Access (SMA) appliances.

1 month ago

SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models

SonicWall confirms wild exploitation of CVE-2023-44221 and CVE-2024-38475 in SMA100 devices, risking file access and session hijacking.

1 month ago

SonicWall Flags Two More Vulnerabilities as Exploited

SonicWall has updated the advisories for two vulnerabilities to warn that they are being exploited in the wild.

Multiple Vulnerabilities in Apache Tomcat Software

The Apache Software Foundation has released updates addressing multiple vulnerabilities affecting their Apache Tomcat software. Users and administrators of...

Critical Vulnerability in Apache Roller

Apache Software Foundation has released updates addressing a critical vulnerability affecting their Apache Roller. Users and administrators of the affected...

Max Severity Bug in Apache Roller Enabled Persistent Access

The remediated flaw gave adversaries a way to maintain access to the app through password resets.

Critical Apache Roller flaw allows to retain unauthorized access even after a password change

A critical flaw (CVE-2025-24859) in Apache Roller lets attackers keep access even after password changes. All versions ≤6.1.4 are affected

Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence

Apache Roller flaw CVE-2025-24859 keeps sessions active after password changes, risking persistent access.

Apache Roller Vulnerability Allows Hackers to Bypass Access Controls

A newly disclosed vulnerability in Apache Roller, the popular open-source blog server, could allow attackers to bypass critical access controls.

Apache Roller Flaw Exposes Systems to Unauthorized Access

This flaw, present in all versions from 1.0.0 up to 6.1.4, allows active user sessions to persist even after a password change, exposing blog sites.

Open Source Security Mailing List

SecLists.org archive for the Open Source Security mailing list: Discussion of security flaws, concepts, and practices in the Open Source community

President Trump fires the head of NSA and Cyber Command.

Patch issued for maximum severity flaw affecting Apache Parquet. China-linked threat actor exploits Ivanti Connect Secure vulnerability.

Critical Apache Parquet Vulnerability Allows Remote Code Execution

A severe vulnerability has been identified in the Apache Parquet Java library, specifically within its parquet-avro module.

Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code

Apache Parquet flaw CVE-2025-30065 enables remote code execution from crafted files, risking data pipelines.

Critical Apache Parquet Vulnerability Leads to Remote Code Execution

A critical vulnerability in Apache Parquet can be exploited to execute arbitrary code remotely, leading to complete system compromise.

Max severity RCE flaw discovered in widely used Apache Parquet

A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0.

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation

CISA Alerts on Active Exploitation of Apache Tomcat Vulnerability

CISA has issued a high-priority alert regarding the active exploitation of CVE-2025-24813, a critical vulnerability within Apache Tomcat.

Apache Tomcat Vulnerability Exploited to execute Malicious arbitrary code on servers

A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-24813, is being actively exploited in Apache Tomcat servers.

Apache Tomcat: CVE-2025-24813: Active Exploitation

Learn about CVE-2025-24813 affecting Apache Tomcat products. Patch now to prevent remote code execution.

Apache Tomcat Vulnerability (CVE-2025-24813) Exploited to Execute Code on Servers

A critical vulnerability in Apache Tomcat has been actively exploited by attackers to achieve remote code execution (RCE) on vulnerable servers.

Apache Tomcat: Vulnerable versions downloaded nearly 100K times since PoC

A critical Apache Tomcat vulnerability (CVE-2025-24813) was exploited 30 hours after disclosure. Vulnerable versions were downloaded 100K times post-PoC.

Critical Vulnerability in Apache Tomcat Software

The Apache Software Foundation has released updates addressing a critical vulnerability which affects their Apache Tomcat software. Users and administrators ...

Critical Apache Tomcat RCE vulnerability exploited

Attack attempts via CVE-2025-24813 are underway, but successful attacks require specific, non-default configurations, according to GreyNoise.

CVE-2025-24813 : Apache Tomcat RCE Vulnerability Analysis - CYFIRMA

Published On : 2025-03-21 EXECUTIVE SUMMARY CVE-2025-24813 is a critical Remote Code Execution (RCE) vulnerability in Apache Tomcat, stemming from a path equivalence flaw that allows attackers to...

Hackers Actively Exploit Apache Tomcat Servers via CVE-2025-24813 – Patch Now

A concerning development has emerged with the active exploitation of Apache Tomcat servers through the recently disclosed vulnerability, CVE-2025-24813.

Recent Apache Tomcat RCE Vulnerabilities

There has been a recent string of media-hyped open-source component vulnerabilities in Apache Tomcat over the last several weeks. One of these (CVE-2025-24813) is receiving heightened scrutiny because it is...

CERT NZ Shares Advisory For Apache Tomcat Vulnerability

The New Zealand Computer Emergency Response Team (CERT NZ) has shared security advisory for Apache Tomcat Vulnerability CVE-2025-24813.

Apache Tomcat flaw actively exploited; could allow 'devastating' RCE

Remote code execution may be achieved on vulnerable servers with a single PUT API request.

'Dead simple' RCE exploit in Apache Tomcat under attack

A trivial flaw in Apache Tomcat that allows remote code execution and access to sensitive files is said to be under attack in the wild within a week of its disclosure. The vulnerability is CVE-2025-24813, and...

Exploit Code for Apache Tomcat RCE Vulnerability Published on Chinese Forum

Exploits swirling for remote code execution vulnerability (CVE-2025-24813) in open-source Apache Tomcat web server.

Apache Tomcat RCE Vulnerability Under Fire With Exploit

The researchers who discovered the initial assault warned that the simple, staged attack is just the beginning for advanced exploit sequences that will test cyber defenses in new and more difficult ways.

Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure

Apache Tomcat flaw CVE-2025-24813 is under active exploitation, enabling remote code execution via PUT requests.

oss-sec: CVE-2025-29891: Apache Camel: Camel Message Header Injection through request parameters

oss-sec mailing list archives From: Andrea Cosentino <acosentino () apache org> Date: Wed, 12 Mar 2025 14:06:47 +0000 Severity: important Affected versions: - Apache Camel 4.10.0 before 4.10.2 -...

Critical RCE flaw in Apache Tomcat actively exploited in attacks

A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request.

Tomcat Vulnerability Exploited in the Wild to Take Over Apache Tomcat Servers

A critical remote code execution vulnerability in Apache Tomcat (CVE-2025-24813) is actively being exploited in the wild, enabling attackers to take complete control of vulnerable servers. 

Hackers Exploit Tomcat Vulnerability to Hijack Apache Servers

A recent and significant cybersecurity threat has emerged involving a critical vulnerability in Apache Tomcat, identified as CVE-2025-24813.

Apache Camel Vulnerability Allows Attackers to Inject Arbitrary Headers

A newly disclosed security vulnerability in Apache Camel, tracked as CVE-2025-27636, has raised alarms across the cybersecurity community.

Apache Camel RCE Vulnerability PoC Exploit Released in GitHub

A Proof of Concept (PoC) exploit for the Apache Camel vulnerability CVE-2025-27636 has been released on GitHub.

Critical Apache Tomcat Vulnerability Discovered: Immediate Patching Required

A serious security vulnerability has been identified in Apache Tomcat, potentially exposing servers to remote code execution (RCE), information disclosure, and data corruption. The vulnerability, designated...

New Apache Traffic Server Flaws Allow Malformed Request Exploits

The Apache Software Foundation has disclosed several vulnerabilities affecting its Traffic Server software.