Apache Tomcat flaw CVE-2025-24813 is under active exploitation, enabling remote code execution via PUT requests.