Remote Code Execution and Information Disclosure Vulnerability in Apache Tomcat Software
CVE-2025-24813

9.8CRITICAL

Key Information:

Vendor: Apache
Status: Apache Tomcat
Vendor: CVE Published:; 10 March 2025

Badges

🥇 Trended No. 1📈 Trended📈 Score: 10,500👾 Exploit Exists🟡 Public PoC🟣 EPSS 92%🦅 CISA Reported📰 News Worthy

What is CVE-2025-24813?

CVE-2025-24813 is a vulnerability in Apache Tomcat, a widely used open-source implementation of the Java Servlet, JavaServer Pages, and Java Expression Language technologies. This vulnerability presents significant risks as it allows for remote code execution and information disclosure, potentially leading to unauthorized access to sensitive data or manipulation of server-side logic. Given that Apache Tomcat is often deployed in enterprise environments, organizations utilizing this software face threats that could compromise the integrity and confidentiality of their applications and data.

Technical Details

The CVE-2025-24813 vulnerability arises from a path equivalence issue concerning the 'file.Name' parameter, which can lead to inadequate protections against malicious interactions. Specifically, if several conditions are met—such as having write access enabled for the default servlet (although this is disabled by default) and support for partial PUT requests enabled—attackers may exploit this vulnerability to either execute arbitrary code remotely or disclose sensitive information in uploaded files. This highlights potential weaknesses in how uploaded files are processed in specific configurations of Apache Tomcat.

Potential Impact of CVE-2025-24813

Remote Code Execution: If conditions are met, attackers could execute arbitrary code on the server, potentially giving them control over the affected system.
Information Disclosure: Malicious users may gain access to sensitive files, leading to unauthorized exposure of critical data that could affect the organization’s confidentiality and privacy.
Malicious Content Injection: There is a risk that attackers may inject harmful content into uploaded files, which could be used to further exploit the system or distribute malware to other users or systems interacting with the compromised application.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Apache Tomcat 11.0.0-M1 <= 11.0.2

Apache Tomcat 10.1.0-M1 <= 10.1.34

Apache Tomcat 9.0.0.M1 <= 9.0.98

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Poc_for_CVE-2025-24813
Created by Franconyu

cve-2025-24813_poc
Created by FY036

CVE-2025-24813
Created by AsaL1n