You received a security advisory regarding the following critical vulnerability:
CVE-2025-24813 - Apache Tomcat Path Traversal & Remote Code Execution (RCE).
You would like to know if Data Center Security (DCS) is affected by this vulnerability.
DCS 6.9.x
CVE-2025-24813 is a critical Remote Code Execution (RCE) vulnerability affecting Apache Tomcat. The flaw originates from a path equivalence issue in the server’s request-handling mechanism, allowing attackers to bypass security constraints and execute arbitrary code remotely.
By sending specially crafted HTTP requests, attackers can gain unauthorized access to restricted resources, manipulate server configurations, and execute malicious commands. This vulnerability is particularly dangerous due to Apache Tomcat’s widespread use in enterprise environments, where successful exploitation could lead to privilege escalation, data exfiltration, and lateral movement across networks.
DCS is not affected. Please refer to our official Enterprise Security Group Advisory for CVE-2025-24813.