Can you advise whether the Confluence 9.2.1 version is affected by this CVE?
Hi @RA,
Welcome to the community!!
CVE-2025-24813 does not appear to be a publicly disclosed vulnerability in the Atlassian list.
However, Confluence Data Center 9.2.1 (LTS) is affected by other known vulnerabilities:
CVE-2025-31650: This high-severity vulnerability, identified in May 2025, can lead to a Denial of Service (DoS) due to a memory leak in Apache Tomcat. It affects Confluence Data Center versions 7.13.0 through 9.4.0.
CVE-2024-50379 and CVE-2024-56337: Both are critical Remote Code Execution (RCE) vulnerabilities in the Apache Tomcat Catalina component, impacting Confluence Data Center versions up to 9.2.1.
For the most current information, consider checking https://confluence.atlassian.com/security/security-advisories-bulletins-1236937381.html
If you cannot upgrade Confluence, you can try upgrading only the Tomcat version. I recommend you try this on a test server, take a backup, and then do it on the production instance.
https://support.atlassian.com/confluence/kb/how-to-upgrade-the-tomcat-container-for-confluence/
Hi @RA
Welcome to the community.
Looking at the impacted Tomcat versions, from 9.0.1 to 9.0.99, and given that Confluence has version 9.0.98 bundled in the package, I suspect yes, it will be impacted.
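The version comparison described in the reply above, as an added example that is not part of the original thread: it reads the Tomcat version from a version report and compares it numerically against a range. The range is the one quoted in the reply (an assumption to confirm against the Apache Tomcat advisory), and the sample report text is constructed.

```python
import re

# Range as quoted in the reply above (assumption: confirm against the
# Apache Tomcat advisory before relying on it).
AFFECTED_RANGES = [("9.0.1", "9.0.99")]

# Constructed sample in the format printed by Tomcat's bin/version.sh.
SAMPLE_REPORT = """\
Server version: Apache Tomcat/9.0.98
Server built:   Dec 5 2024 19:14:16 UTC
Server number:  9.0.98.0
"""


def version_key(version, width=4):
    """Convert '9.0.98' or '9.0.98.0' into a tuple that compares numerically."""
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        # Milestone builds such as '9.0.0.M1' are deliberately not handled here.
        raise ValueError(f"unsupported version format: {version!r}")
    nums = [int(p) for p in parts][:width]
    return tuple(nums + [0] * (width - len(nums)))


def bundled_tomcat_version(report):
    """Extract the Tomcat version string from a version report."""
    m = re.search(r"^Server number:\s*([0-9.]+)\s*$", report, re.MULTILINE)
    if not m:
        m = re.search(r"^Server version:\s*Apache Tomcat/(\S+)\s*$",
                      report, re.MULTILINE)
    if not m:
        raise ValueError("no Tomcat version line found")
    return m.group(1)


def in_affected_range(version, ranges=AFFECTED_RANGES):
    """True if the version falls inside any inclusive (low, high) range."""
    key = version_key(version)
    return any(version_key(lo) <= key <= version_key(hi) for lo, hi in ranges)


if __name__ == "__main__":
    found = bundled_tomcat_version(SAMPLE_REPORT)
    print(found, "in quoted range:", in_affected_range(found))
```

Comparing the components as integers matters here: as plain strings, "9.0.100" sorts before "9.0.99" and would be wrongly reported as inside the range.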