Connects to any signal across any vendor stack and powers adaptive AI Operatives that expose, detect, and neutralize cyberattacks.
Atlas Operations CenterSee what our SOC sees, review investigations, and see how we are protecting your business.
Technology IntegrationsAtlas connects to any signal across your current security tools. Whatever you're running, we're running with you.
Extend your team with immediate expertise, hands-on remediation, and the human accountability layer that boards, regulators, and cyber insurers require.
Threat Response UnitProactive threat intelligence, original threat research and a world-class team of seasoned industry veterans.
Response and RemediationPairs machine-speed containment with human judgment, delivering full threat response that's policy-bounded, reversible, and explainable.
MDR that moves first, multi-signal attack surface coverage, and 24/7 Elite threat hunters working as one continuous security program across any vendor stack.
Get unlimited Incident Response with threat suppression guarantee- anytime, anywhere.
Full alignment to the five-stages of CTEM operations; scope, discover, prioritize, validate, and mobilize against exposures attackers would use against you.
Flexible MDR pricing and packages that fit your unique security requirements.
Entry level foundational MDR coverage
Comprehensive Next Level eSentire MDR
Next Level eSentire MDR with Cyber Risk Advisors to continuously advance your security program
Stop ransomware before it spreads.
Identity ResponseStop identity-based cyberattacks.
Zero Day AttacksDetect and respond to zero-day exploits.
Cybersecurity ComplianceMeet regulatory compliance mandates.
Third-Party RiskDefend third-party and supply chain risk.
Cloud MisconfigurationEnd misconfigurations and policy violations.
Cyber RiskAdopt a risk-based security approach.
Mid-Market SecurityMid-market security essentials to prioritize.
Sensitive Data SecurityProtect your most sensitive data.
Cyber InsuranceMeet insurability requirements with MDR.
Cyber Threat IntelligenceOperationalize cyber threat intelligence.
Security LeadershipBuild a proven security program.
On May 14th, 2026, Cisco disclosed a maximum severity vulnerability in Cisco Catalyst Software-Defined Wide Area Network (SD-WAN) Controller and SD-WAN Manager. The vulnerability, tracked…
On May 5th, 2026, Palo Alto Networks disclosed CVE-2026-0300 (CVSS: 9.3), a critical zero-day buffer overflow vulnerability that impacts the User-ID Authentication Portal (aka Captive…
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
About Us Leadership Careers Event Calendar → Newsroom → Aston Villa Football Club →We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Search our site
Multi-Signal MDR with 300+ technology integrations to support your existing investments.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
We offer three flexible MDR pricing packages that can be customized to your unique needs.
The latest security advisories, blogs, reports, industry publications and webinars published by TRU.
Compare eSentire to other Managed Detection and Response vendors to see how we stack up against the competition.
See why 2000+ organizations globally have chosen eSentire for their MDR Solution.
On March 17th, 2025, security researchers confirmed that threat actors are now exploiting the recently disclosed Apache Tomcat vulnerability CVE-2025-24813. This vulnerability was publicly disclosed on March 10th, and the earliest signs of exploitation have been traced back to March 12th. Proof-of-Concept (PoC) exploit code is available, simplifying the attack process for less skilled threat actors.
CVE-2025-24813 is described as a path equivalence vulnerability. Exploitation may allow threat actors to add malicious content to uploaded files, cause information disclosure, and achieve Remote Code Execution (RCE). The vulnerability may be exploited without any prior access or authentication.
As exploitation has been confirmed, organizations are strongly encouraged to update all Apache Tomcat servers to a secure version immediately.
Apache Tomcat is a popular open-source Java web application server. Internet scanning services, such as Shodan, report nearly 100,000 Internet-facing Apache Tomcat servers; this number does not specifically reflect vulnerable servers.
The real-world exploitation of CVE-2025-24813 to perform Remote Code Execution (RCE) was first identified by Wallarm researchers, prior to the public disclosure of the Proof-of-Concept (PoC) exploit code. Threat actors are now reportedly leveraging the PoC exploit code to gain complete access to the vulnerable Apache servers.
The attack occurs in two stages, ultimately granting the attacker full remote access. Initially, the attackers send a PUT request uploading Base-64 encoded malicious serialized session file to the server. The file gets automatically written to the server’s session storage directory, thereby storing the payload onto the disk. The next stage of the attack involves triggering deserialization of the session. The attacker sends a GET request with the JSESSIONID addressing the malicious session. In response to which the server retrieves the file from the disk causing deserialization and execution of malicious JavaScript (JS) embedded into it, subsequently granting remote access to the attacker.
Wallarm emphasizes that the vulnerability can be easily exploited without the need for any form of authentication. The Base-64 encoded payloads would make it difficult for security tools such Web Application Firewalls (WAFs) to detect malicious PUT requests. The exploitation of CVE-2025-24813 in the wild, within 30 hours of disclosure of the PoC exploit code makes rapidly addressing the vulnerability critical. Ivan Novikov, Wallarm's CEO has stated that exploitation is being carried out by “Chinese operators”, and that the vulnerability will be added to CISA’s Known Exploited Vulnerabilities catalog in the near future.
It should be noted that successful exploitation requires specific configurations are enabled on a vulnerable server. To achieve information disclosure and the addition of malicious content, the following requirements must be met:
In order for exploitation to result in Remote Code Execution, there are additional requirements:
Impacted Versions list:
References:
[1] https://lab.wallarm.com/one-put-request-to-own-tomcat-cve-2025-24813-rce-is-in-the-wild/
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-24813
[3] https://www.shodan.io/search?query=server%3A+apache+tomcat
[4] https://www.theregister.com/2025/03/18/apache_tomcat_java_rce_flaw/