Remote Code Execution and Information Disclosure Vulnerability in Apache Tomcat Software
CVE-2025-24813

9.8 CRITICAL

Key Information:

Vendor
Apache
CVE Published:
10 March 2025

Badges

🥇 Trended No. 1 · 📈 Trended · 📈 Score: 10,500 · 👾 Exploit Exists · 🟡 Public PoC · 🟣 EPSS 92% · 🦅 CISA Reported · 📰 News Worthy

What is CVE-2025-24813?

CVE-2025-24813 is a vulnerability in Apache Tomcat, a widely used open-source implementation of the Java Servlet, JavaServer Pages, and Java Expression Language technologies. This vulnerability presents significant risks as it allows for remote code execution and information disclosure, potentially leading to unauthorized access to sensitive data or manipulation of server-side logic. Given that Apache Tomcat is often deployed in enterprise environments, organizations utilizing this software face threats that could compromise the integrity and confidentiality of their applications and data.

Technical Details

CVE-2025-24813 is a path equivalence flaw (Apache describes it as 'file.Name', an internal dot) in the way Tomcat's default servlet handles partial PUT requests: the temporary file written for a partial upload is named from the request path, so a crafted path can collide with a file that Tomcat later reads for a different purpose. Per the Apache advisory, exploitation requires all of the following: writes enabled for the default servlet (the 'readonly' init-param set to false; writes are disabled by default) and support for partial PUT requests (enabled by default). For the information disclosure or content injection outcome it further requires a security-sensitive upload location that is a sub-directory of a publicly writable one, attacker knowledge of the sensitive file names, and those files being uploaded via partial PUT. Remote code execution additionally requires the application to use Tomcat's file-based session persistence with its default storage location and to include a library that can be leveraged in a deserialization attack. Where these conditions hold, an attacker can execute arbitrary code remotely, read sensitive uploaded files, or add malicious content to them.
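
As an added example (not part of this page or of the Tomcat project), the following Python script checks a conf/web.xml for the two preconditions named above, writes enabled for the default servlet and partial PUT support, by reading the DefaultServlet init-params 'readonly' and 'allowPartialPut' (both default to true when absent; 'readonly' is the documented switch for writes, while the 'allowPartialPut' name is taken from the DefaultServlet documentation and should be confirmed against your branch's docs). The web.xml fragments are constructed for the example. It inspects only the file it is given; a web application's own WEB-INF/web.xml can override these settings and needs the same check.

```python
import xml.etree.ElementTree as ET

# Constructed conf/web.xml fragments for the example, not copied from a real host.
# STOCK mirrors Tomcat's shipped default: "readonly" is absent, so it defaults to true.
STOCK_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>listings</param-name><param-value>false</param-value></init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
</web-app>
"""

# Writes enabled, partial PUT left at its default: the advisory's first two preconditions hold.
WRITE_ENABLED_WEB_XML = STOCK_WEB_XML.replace(
    "<load-on-startup>1</load-on-startup>",
    "<init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>\n"
    "    <load-on-startup>1</load-on-startup>",
)

# Writes still enabled (some applications need PUT) but partial PUT switched off
# (assumed init-param name 'allowPartialPut', see lead-in).
HARDENED_WEB_XML = WRITE_ENABLED_WEB_XML.replace(
    "<load-on-startup>1</load-on-startup>",
    "<init-param><param-name>allowPartialPut</param-name><param-value>false</param-value></init-param>\n"
    "    <load-on-startup>1</load-on-startup>",
)


def _local(tag):
    """Strip the XML namespace so Tomcat 9 (javaee) and 10/11 (jakartaee) files parse alike."""
    return tag.rsplit("}", 1)[-1]


def default_servlet_params(web_xml_text):
    """Return the init-params of the servlet named 'default', or None if it is not declared."""
    root = ET.fromstring(web_xml_text)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        name, params = None, {}
        for child in servlet:
            if _local(child.tag) == "servlet-name":
                name = (child.text or "").strip()
            elif _local(child.tag) == "init-param":
                pname = pvalue = None
                for leaf in child:
                    if _local(leaf.tag) == "param-name":
                        pname = (leaf.text or "").strip()
                    elif _local(leaf.tag) == "param-value":
                        pvalue = (leaf.text or "").strip()
                if pname:
                    params[pname] = pvalue
        if name == "default":
            return params
    return None


def assess_default_servlet(web_xml_text):
    """Evaluate the two DefaultServlet settings the advisory's preconditions depend on.

    Both default to true in Tomcat when absent: 'readonly' (PUT/DELETE rejected)
    and 'allowPartialPut' (Content-Range PUTs accepted).
    """
    params = default_servlet_params(web_xml_text) or {}

    def flag(name):
        return (params.get(name) or "true").strip().lower() == "true"

    writes_enabled = not flag("readonly")
    partial_put = flag("allowPartialPut")
    return {
        "writes_enabled": writes_enabled,
        "partial_put_enabled": partial_put,
        "preconditions_met": writes_enabled and partial_put,
    }


if __name__ == "__main__":
    for label, text in (("stock", STOCK_WEB_XML), ("write-enabled", WRITE_ENABLED_WEB_XML),
                        ("hardened", HARDENED_WEB_XML)):
        print(label, assess_default_servlet(text))
```

Run it against each Tomcat's conf/web.xml and every deployed application's WEB-INF/web.xml; a result with preconditions_met true means the entry conditions for this CVE are present and the instance should be upgraded or have 'readonly' restored to true.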

Potential Impact of CVE-2025-24813

  1. Remote Code Execution: Where the advisory's conditions are met, an attacker can execute arbitrary code on the server, potentially gaining control of the affected system.

  2. Information Disclosure: An attacker can read security-sensitive uploaded files, exposing data that affects the organisation's confidentiality and privacy.

  3. Malicious Content Injection: An attacker can add harmful content to uploaded files, which could be used to further exploit the system or to distribute malware to other users or systems that consume those files.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA tracks the most dangerous vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability has been identified as being exploited, but is not currently known by CISA to be used in ransomware campaigns. This status is subject to change at pace.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Apache Tomcat 11.0.0-M1 through 11.0.2 (inclusive); fixed in 11.0.3

Apache Tomcat 10.1.0-M1 through 10.1.34 (inclusive); fixed in 10.1.35

Apache Tomcat 9.0.0.M1 through 9.0.98 (inclusive); fixed in 9.0.99
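
As an added example, not part of this page, the following Python helper tests a Tomcat version string against the three ranges listed above, treating milestone builds (11.0.0-M1, 9.0.0.M1) as ordering before the corresponding final release. The fixed releases named in the comments (11.0.3, 10.1.35, 9.0.99) come from the Apache advisory; version_from_banner expects the 'Server version: Apache Tomcat/x.y.z' line printed by bin/version.sh (or the same string in an error page footer), and the sample banner is constructed.

```python
import re

# Affected ranges as listed on this page (both ends inclusive), with the first
# fixed release of each branch taken from the Apache advisory.
AFFECTED_RANGES = [
    ("11.0.0-M1", "11.0.2"),   # fixed in 11.0.3
    ("10.1.0-M1", "10.1.34"),  # fixed in 10.1.35
    ("9.0.0.M1", "9.0.98"),    # fixed in 9.0.99
]

# Tomcat writes milestones as "11.0.0-M1" (10.x/11.x) or "9.0.0.M1" (9.x).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")
_BANNER_RE = re.compile(r"Apache Tomcat/(\d+\.\d+\.\d+(?:[.-]M\d+)?)")


def parse_version(version):
    """Convert a Tomcat version into a tuple that sorts correctly.

    The fourth element is 0 for a milestone and 1 for a final release, so
    9.0.0.M27 < 9.0.0 < 9.0.1 and 11.0.0-M1 < 11.0.0 < 11.0.2.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def is_affected(version):
    """True if the version falls inside one of the listed ranges.

    Versions outside every range (for example the end-of-life 8.5.x line,
    which the advisory does not evaluate) return False only because they
    are not listed, not because they were assessed as safe.
    """
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED_RANGES)


def version_from_banner(text):
    """Extract the version from text such as 'Server version: Apache Tomcat/9.0.98'."""
    m = _BANNER_RE.search(text)
    return m.group(1) if m else None


if __name__ == "__main__":
    # Constructed sample of bin/version.sh output, not captured from a real host.
    sample = "Server version: Apache Tomcat/9.0.98\n"
    found = version_from_banner(sample)
    print(found, "affected" if is_affected(found) else "not in listed ranges")
```

Feed it the output of bin/version.sh from each instance; the banner parser also works on a verbose error page, which is itself a reason to set showServerInfo to false on the default servlet.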

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.

News Articles

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation

2 weeks ago

CISA Alerts on Active Exploitation of Apache Tomcat Vulnerability

CISA has issued a high-priority alert regarding the active exploitation of CVE-2025-24813, a critical vulnerability within Apache Tomcat.

3 weeks ago

Apache Tomcat Vulnerability Exploited to execute Malicious arbitrary code on servers

A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-24813, is being actively exploited in Apache Tomcat servers.

3 weeks ago

References

EPSS Score

92% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🦅 CISA Reported

  • 🥇 Vulnerability reached the number 1 worldwide trending spot

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • 📈 Vulnerability started trending

  • 📰 First article discovered by Cyber Kendra

  • Vulnerability published

  • Vulnerability Reserved

Credit

COSCO Shipping Lines DIC
sw0rd1ight (https://github.com/sw0rd1ight)