Remote Code Execution and Information Disclosure Vulnerability in Apache Tomcat Software
CVE-2025-24813

9.8 CRITICAL

Key Information:

Vendor: Apache
CVE Published: 10 March 2025

Badges

🔥 Trending now · 🥇 Trended No. 1 · 📈 Trended · 📈 Score: 10,500 · 👾 Exploit Exists · 🟡 Public PoC · 🟣 EPSS 86% · 📰 News Worthy

What is CVE-2025-24813?

CVE-2025-24813 is a vulnerability in Apache Tomcat, a widely used open-source implementation of the Java Servlet, JavaServer Pages, and Java Expression Language technologies. This vulnerability presents significant risks as it allows for remote code execution and information disclosure, potentially leading to unauthorized access to sensitive data or manipulation of server-side logic. Given that Apache Tomcat is often deployed in enterprise environments, organizations utilizing this software face threats that could compromise the integrity and confidentiality of their applications and data.

Technical Details

CVE-2025-24813 stems from a path equivalence flaw (the 'file.Name' internal-dot pattern) in how Apache Tomcat's default servlet handles uploaded files. It is only exploitable when several conditions hold at once: write access must be enabled for the default servlet (it is disabled by default) and support for partial PUT requests must be enabled. Under those conditions an attacker may execute arbitrary code remotely or disclose sensitive information from uploaded files. The flaw is therefore tied to how uploaded files are processed in specific configurations of Apache Tomcat rather than to a default installation.

Potential Impact of CVE-2025-24813

  1. Remote Code Execution: If conditions are met, attackers could execute arbitrary code on the server, potentially giving them control over the affected system.

  2. Information Disclosure: Malicious users may gain access to sensitive files, leading to unauthorized exposure of critical data that could affect the organization’s confidentiality and privacy.

  3. Malicious Content Injection: There is a risk that attackers may inject harmful content into uploaded files, which could be used to further exploit the system or distribute malware to other users or systems interacting with the compromised application.

Affected Version(s)

Apache Tomcat 11.0.0-M1 through 11.0.2 (inclusive)

Apache Tomcat 10.1.0-M1 through 10.1.34 (inclusive)

Apache Tomcat 9.0.0.M1 through 9.0.98 (inclusive)
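As an added defensive illustration (not code from this advisory or from the Tomcat project), the following Python checks a reported Tomcat version against the three ranges above and inspects a conf/web.xml for the DefaultServlet's `readonly` init-param, the switch that grants the write access named as a precondition in the technical details. The `readonly` parameter and the DefaultServlet class name are Tomcat's real ones; the embedded web.xml fragment is constructed for the example.

```python
import re
import xml.etree.ElementTree as ET

# Inclusive upper bound of each affected line from the advisory: major -> (major, minor, patch).
AFFECTED_MAX = {11: (11, 0, 2), 10: (10, 1, 34), 9: (9, 0, 98)}
_VER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")

def parse_version(v):
    """Ordering tuple; a milestone (9.0.0.M1, 11.0.0-M1) sorts before the final build of the same number."""
    m = _VER.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {v!r}")
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch), int(milestone) if milestone else float("inf"))

def is_affected_version(v):
    """True if v lies in one of the three ranges (each range starts at its line's first milestone)."""
    t = parse_version(v)
    bound = AFFECTED_MAX.get(t[0])
    return bound is not None and t[:3] <= bound

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the web-app XML namespace prefix

def default_servlet_writable(web_xml_text):
    """True if conf/web.xml sets the DefaultServlet init-param 'readonly' to false.
    Tomcat treats a missing 'readonly' as true, i.e. PUT and DELETE are rejected."""
    root = ET.fromstring(web_xml_text)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        cls = "".join((c.text or "") for c in servlet if _local(c.tag) == "servlet-class").strip()
        if cls != "org.apache.catalina.servlets.DefaultServlet":
            continue
        for ip in (c for c in servlet if _local(c.tag) == "init-param"):
            p = {_local(c.tag): (c.text or "").strip() for c in ip}
            if p.get("param-name") == "readonly":
                return p.get("param-value", "").lower() == "false"
    return False

def assess(version, web_xml_text):
    """'patch': in range and write access on; 'version-only': in range but read-only; 'ok': not in range."""
    if not is_affected_version(version):
        return "ok"
    return "patch" if default_servlet_writable(web_xml_text) else "version-only"

# Constructed sample conf/web.xml fragment (not from a real deployment) with write access switched on.
SAMPLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet><servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet></web-app>"""

if __name__ == "__main__":
    print(assess("10.1.34", SAMPLE_WEB_XML))  # patch
```

A "version-only" result still warrants upgrading; the read-only default merely removes one of the preconditions the advisory lists.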

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.

News Articles

CVE-2025-24813 : Apache Tomcat RCE Vulnerability Analysis - CYFIRMA

Published On : 2025-03-21 EXECUTIVE SUMMARY CVE-2025-24813 is a critical Remote Code Execution (RCE) vulnerability in Apache Tomcat, stemming from a path equivalence flaw that allows attackers to...

1 day ago

Hackers Actively Exploit Apache Tomcat Servers via CVE-2025-24813 – Patch Now

A concerning development has emerged with the active exploitation of Apache Tomcat servers through the recently disclosed vulnerability, CVE-2025-24813.

4 days ago

Recent Apache Tomcat RCE Vulnerabilities

There has been a recent string of media-hyped open-source component vulnerabilities in Apache Tomcat over the last several weeks. One of these (CVE-2025-24813) is receiving heightened scrutiny because it is...

5 days ago


EPSS Score

86% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🥇 Vulnerability reached the number 1 worldwide trending spot

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • 📈 Vulnerability started trending

  • 📰 First article discovered by Cyber Kendra

  • Vulnerability published

  • Vulnerability reserved

Credit

COSCO Shipping Lines DIC
sw0rd1ight (https://github.com/sw0rd1ight)