In March 2025, the Apache Software Foundation disclosed several high-severity vulnerabilities impacting two of its most widely deployed platforms: Apache Tomcat and Apache Camel.
Within days, active scanning and exploitation attempts surged worldwide, prompting urgent patching advisories from security researchers and vendors.
Critical Flaws Uncovered
The...
The Apache Tomcat project disclosed four security vulnerabilities in its widely used open-source Java servlet container on June 16, 2025, including two high-severity denial-of-service (DoS) flaws and a moderate-risk authentication bypass issue.
The vulnerabilities affect all major Tomcat branches (versions 9.x, 10.x, and 11.x), potentially exposing millions...