CISA Updates Catalog with New Exploited Vulnerability: CVE-2025-24813

TL;DR

CISA has added CVE-2025-24813, an Apache Tomcat Path Equivalence Vulnerability, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation. This update underscores the importance of timely remediation to mitigate significant risks to federal and private sector organizations.

CISA Adds New Vulnerability to Known Exploited Vulnerabilities Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has recently added a new vulnerability to its Known Exploited Vulnerabilities Catalog. This addition is based on evidence of active exploitation, highlighting the critical need for organizations to address these security risks promptly.

Vulnerability Details

The newly added vulnerability is CVE-2025-24813, an Apache Tomcat Path Equivalence Vulnerability.

This type of vulnerability is a common attack vector for malicious actors, posing significant risks to federal and private sector organizations.

Binding Operational Directive (BOD) 22-01

Binding Operational Directive (BOD) 22-01 established the Known Exploited Vulnerabilities Catalog as a dynamic list of known Common Vulnerabilities and Exposures (CVEs) that present substantial risks. BOD 22-01 mandates that Federal Civilian Executive Branch (FCEB) agencies remediate identified vulnerabilities by the specified due date to safeguard against active threats. For more information, refer to the BOD 22-01 Fact Sheet.

Recommendations for All Organizations

Although BOD 22-01 specifically applies to FCEB agencies, CISA strongly advises all organizations to prioritize the timely remediation of Catalog vulnerabilities as part of their vulnerability management practices. This proactive approach helps reduce exposure to cyberattacks and enhances overall cybersecurity posture.

CISA will continue to update the catalog with vulnerabilities that meet the specified criteria, ensuring that the list remains a valuable resource for cybersecurity professionals.

Conclusion

The addition of CVE-2025-24813 to CISA’s Known Exploited Vulnerabilities Catalog serves as a reminder of the ongoing need for vigilance and prompt action in addressing cybersecurity threats. Organizations across all sectors should prioritize the remediation of known vulnerabilities to protect against potential exploits and maintain robust cybersecurity defenses.


This post is licensed under CC BY 4.0 by the author.