Summary

Broadcom's Enterprise Security Group is investigating CVE-2025-24813, which is a vulnerability in Apache Tomcat. 

Affected Product(s)

No Broadcom Enterprise Security Group products are confirmed affected at this time.

Additional Product Information

The following products are not vulnerable:

Advanced Secure Gateway (ASG)
BCAAA
Carbon Black App Control Agent
Carbon Black App Control Server
Carbon Black Cloud CWP Appliance
Carbon Black Cloud Platform
Carbon Black Cloud Sensor
Carbon Black Cloud Sensor Gateway
Carbon Black EDR Sensor
Carbon Black EDR Server
CloudSOC Cloud Access Security Broker (CASB)
Cloud Secure Web Gateway (Cloud SWG)
Content Analysis
Critical System Protection (CSP)
Data Center Security (DCS)
Data Loss Prevention (DLP)
Data Loss Prevention Cloud
Edge Secure Web Gateway (SWG)
HSM Agent
Information Centric Analytics (ICA)
Integrated Secure Gateway (ISG)
IT Analytics (ITA)
LiveUpdate Administrator (LUA)
Management Center (MC)
ProxySG
Reporter
SSL Visibility (SSLV)
Symantec Endpoint Detection and Response (EDR) On-premise
Symantec Endpoint Protection (SEP) Agent
Symantec Endpoint Protection Manager (SEPM)
Symantec Endpoint Protection (SEP) for Mobile
Symantec Endpoint Security (SES)
Symantec Insight for Private Clouds
Symantec Mail Security for Microsoft Exchange (SMSMSE)
Symantec Protection Engine (SPE)
Symantec Protection for SharePoint Servers (SPSS)
Threat Defense for Active Directory (TDAD)
Web Isolation (WI) Virtual Machine
Web Isolation (WI) Cloud Native
Zero Trust Network Access (ZTNA)

References

• Apache Tomcat Vulnerability - https://nvd.nist.gov/vuln/detail/CVE-2025-24813

Revisions

2025-03-19 10:30 PT - Initial Release
2025-03-21 10:00 PT - Moved multiple products to Not Vulnerable
2025-03-25 10:30 PT - All products have been reviewed.