TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

A critical remote code execution (RCE) vulnerability (CVE-2025-24813) affecting Apache Tomcat has been detected and actively exploited within a week of disclosure. The flaw, which allows attackers to execute arbitrary code on targeted servers without authentication, is being exploited by Chinese operators and has prompted warnings from CISA. Exploitation only requires Tomcat to use file-based session storage, and attackers can execute code by sending specific GET and PUT requests. Affected versions include Tomcat 11.0.0-M1 through 11.0.2, 10.1.0-M1 through 10.1.34, and 9.0.0.M1 through 9.0.98.

'Dead simple' RCE exploit in Apache Tomcat under attack