Apache Tomcat Serialized Payload RCE (CVE-2025-24813)

LetsDefend Monitoring Alert

May, 30, 2025, 06:19 PM

Event ID: 318

Event Time: May, 30, 2025, 06:19 PM

Rule Name: SOC340 - Apache Tomcat Serialized Payload RCE (CVE-2025-24813)

Alert Type: Web Attack

MITRE Technique:

T1059.004 - Execution - Unix Shell,

T1190 - Initial Access - Exploit Public-Facing Application,

T1105 - Command and Control - Ingress Tool Transfer,

T1005 - Collection - Data from Local System,

T1210 - Lateral Movement - Exploitation of Remote Services,

T1071.001 - Command and Control - Application Layer Protocol: Web Protocols,

Severity: Critical

Incident Responder

45305 Catalina ct. Suite 150, Sterling VA 20166