Apache under the lens: Tomcat’s partial PUT and Camel’s header hijack

Intel Name: Apache under the lens: Tomcat’s partial PUT and Camel’s header hijack

Date of Scan: July 4, 2025

Impact: High

Summary:
In March 2025, Apache disclosed CVE-2025-24813, a critical RCE vulnerability in Apache Tomcat affecting versions 9.0.0.M1 to 9.0.98, 10.1.0-M1 to 10.1.34, and 11.0.0-M1 to 11.0.2. Two additional RCE flaws, CVE-2025-27636 and CVE-2025-29891, were revealed in Apache Camel, impacting versions from 3.10.0 to 3.22.3 and 4.8.0 to 4.10.1. These issues are significant due to the widespread use of Apache platforms among developers. Patches were released, PoCs emerged quickly, and active scanning began soon after disclosure.
