Remote Code Execution and Information Disclosure Vulnerability in Apache Tomcat Software
CVE-2025-24813
Key Information:
- Vendor: Apache
- Status: Vendor
- CVE Published: 10 March 2025
What is CVE-2025-24813?
CVE-2025-24813 is a vulnerability in Apache Tomcat, a widely used open-source implementation of the Java Servlet, JavaServer Pages, and Java Expression Language technologies. This vulnerability presents significant risks as it allows for remote code execution and information disclosure, potentially leading to unauthorized access to sensitive data or manipulation of server-side logic. Given that Apache Tomcat is often deployed in enterprise environments, organizations utilizing this software face threats that could compromise the integrity and confidentiality of their applications and data.
Technical Details
CVE-2025-24813 arises from a path equivalence issue concerning the 'file.Name' parameter, which can leave uploaded files inadequately protected against malicious interactions. Specifically, if several conditions are met, such as write access being enabled for the default servlet (it is disabled by default) and support for partial PUT requests being enabled, attackers may exploit this vulnerability either to execute arbitrary code remotely or to disclose sensitive information in uploaded files. This highlights weaknesses in how uploaded files are processed in specific configurations of Apache Tomcat.
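A defender-side configuration check, added here and not part of this page or of Apache Tomcat itself: it audits a web.xml for the two preconditions named above, the DefaultServlet's readonly init-param set to false and its allowPartialPut init-param left enabled. The web.xml fragments are constructed samples; readonly and allowPartialPut are the init-param names Tomcat's DefaultServlet documents, with readonly=true and allowPartialPut=true as its defaults.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not a real deployment file): conf/web.xml fragment whose
# default servlet matches this CVE's preconditions, writes enabled via
# readonly=false and partial PUT support left at Tomcat's default (enabled).
WEAK_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

# Constructed sample: the same servlet with writes disabled and partial PUT off.
HARDENED_WEB_XML = WEAK_WEB_XML.replace(
    "<param-value>false</param-value>", "<param-value>true</param-value>"
).replace(
    "</servlet>",
    "  <init-param><param-name>allowPartialPut</param-name>"
    "<param-value>false</param-value></init-param>\n  </servlet>",
)


def _local(tag):
    # Drop the namespace prefix so the audit works with any web-app xmlns.
    return tag.rsplit("}", 1)[-1]


def audit_default_servlet(web_xml_text):
    # Tomcat defaults: readonly=true, allowPartialPut=true, so a DefaultServlet
    # with no init-params is reported as not writable.
    params = {"readonly": "true", "allowPartialPut": "true"}
    for servlet in ET.fromstring(web_xml_text).iter():
        if _local(servlet.tag) != "servlet":
            continue
        cls = [c for c in servlet if _local(c.tag) == "servlet-class"]
        if not cls or not (cls[0].text or "").strip().endswith("DefaultServlet"):
            continue
        for ip in servlet:
            if _local(ip.tag) != "init-param":
                continue
            kv = {_local(c.tag): (c.text or "").strip() for c in ip}
            name = kv.get("param-name")
            if name in params and "param-value" in kv:
                params[name] = kv["param-value"].lower()
    writable = params["readonly"] == "false"
    partial_put = params["allowPartialPut"] != "false"
    return {"readonly": params["readonly"],
            "allowPartialPut": params["allowPartialPut"],
            "preconditions_met": writable and partial_put}
```

Run it against each deployed conf/web.xml and any per-application WEB-INF/web.xml that overrides the default servlet; a result with preconditions_met set to True is the configuration that needs the vendor fix or a readonly=true setting.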
Potential Impact of CVE-2025-24813
- Remote Code Execution: If the conditions are met, attackers could execute arbitrary code on the server, potentially giving them control over the affected system.
- Information Disclosure: Malicious users may gain access to sensitive files, leading to unauthorized exposure of critical data that could affect the organization's confidentiality and privacy.
- Malicious Content Injection: There is a risk that attackers may inject harmful content into uploaded files, which could be used to further exploit the system or distribute malware to other users or systems interacting with the compromised application.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
- Apache Tomcat 11.0.0-M1 through 11.0.2
- Apache Tomcat 10.1.0-M1 through 10.1.34
- Apache Tomcat 9.0.0.M1 through 9.0.98
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
- CISA Adds One Known Exploited Vulnerability to Catalog | CISA (2 weeks ago): CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CISA Alerts on Active Exploitation of Apache Tomcat Vulnerability (3 weeks ago): CISA has issued a high-priority alert regarding the active exploitation of CVE-2025-24813, a critical vulnerability within Apache Tomcat.
- Apache Tomcat Vulnerability Exploited to Execute Malicious Arbitrary Code on Servers (3 weeks ago): A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-24813, is being actively exploited in Apache Tomcat servers.
EPSS Score: 92% chance of being exploited in the next 30 days.
Timeline
- CISA Reported
- Vulnerability reached the number 1 worldwide trending spot
- Public PoC available
- Exploit known to exist
- Vulnerability started trending
- First article discovered by Cyber Kendra
- Vulnerability published
- Vulnerability reserved