CVE-2025-24813

Published Mar 10, 2025

Last updated a month ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-24813 is a vulnerability affecting Apache Tomcat versions 9.0.0.M1 through 9.0.98, 10.1.0.M1 through 10.1.34, and 11.0.0.M1 through 11.0.2. It stems from an issue in how Tomcat handles partial PUT requests. Specifically, the vulnerability arises from the use of a temporary file based on user-supplied filenames and paths, where the path separator is replaced by a dot. This can potentially allow unauthorized access to sensitive files, injection of malicious content, or even remote code execution under certain conditions. Exploitation of this vulnerability requires a specific set of circumstances. For information disclosure or content injection, the default servlet must have write access enabled (it's disabled by default), partial PUT support must be enabled (which it is by default), and the target URL for sensitive uploads must be a subdirectory of a public upload URL. The attacker also needs to know the names of the sensitive files being uploaded via partial PUT. For remote code execution, the same conditions apply, with the addition of the application using Tomcat's file-based session persistence in the default location and including a library vulnerable to deserialization attacks.

Description
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.

If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:

- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
- attacker knowledge of the names of security sensitive files being uploaded
- the security sensitive files also being uploaded via partial PUT

If all of the following were true, a malicious user was able to perform remote code execution:

- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- application was using Tomcat's file based session persistence with the default storage location
- application included a library that may be leveraged in a deserialization attack

Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.
Source
security@apache.org
NVD status
Analyzed
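The audit below is an added example, not code from Intruder, NVD or the Tomcat project: it checks one Tomcat instance against the preconditions the description lists (unfixed version, DefaultServlet with `readonly=false`, `allowPartialPut` left enabled, PersistentManager with a FileStore). It assumes the standard `conf/web.xml` and `context.xml` element names and treats a FileStore with no `directory` attribute as the "default storage location"; the sample XML is constructed.

```python
import re
import xml.etree.ElementTree as ET

FIXED = {9: (9, 0, 99), 10: (10, 1, 35), 11: (11, 0, 3)}  # first fixed release per major line

def parse_version(v):
    """'10.1.34' / '11.0.0-M1' / '9.0.0.M1' -> tuple; milestones sort before the GA build."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?", v)
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {v}")
    return tuple(int(x) for x in m.groups()[:3]) + (int(m.group(4)) if m.group(4) else 10**6,)

def version_is_fixed(v):
    """True at or past the fix for the major line; majors outside 9-11 are not in the advisory."""
    t = parse_version(v)
    fixed = FIXED.get(t[0])
    return fixed is None or t >= fixed + (10**6,)
def _local(tag):  # strip the web-app XML namespace, if any
    return tag.rsplit("}", 1)[-1]
def default_servlet_params(web_xml):
    """init-params of the servlet named 'default' (Tomcat's DefaultServlet in conf/web.xml)."""
    for servlet in ET.fromstring(web_xml).iter():
        name = {_local(c.tag): c for c in servlet}.get("servlet-name")
        if _local(servlet.tag) != "servlet" or name is None or (name.text or "").strip() != "default":
            continue
        params = {}
        for ip in servlet:
            if _local(ip.tag) == "init-param":
                kv = {_local(c.tag): (c.text or "").strip() for c in ip}
                params[kv.get("param-name")] = kv.get("param-value")
        return params
    return {}
def uses_default_file_session_store(context_xml):
    """PersistentManager + FileStore without an explicit directory (assumed: the advisory's default location)."""
    return any(m.get("className", "").endswith("PersistentManager")
               and any(s.get("className", "").endswith("FileStore") and not s.get("directory")
                       for s in m.iter("Store"))
               for m in ET.fromstring(context_xml).iter("Manager"))
def audit(version, web_xml, context_xml):
    """One boolean per advisory precondition; Tomcat defaults are readonly=true, allowPartialPut=true."""
    p = default_servlet_params(web_xml)
    f = {"vulnerable_version": not version_is_fixed(version),
         "default_servlet_writes_enabled": (p.get("readonly") or "true").lower() == "false",
         "partial_put_enabled": (p.get("allowPartialPut") or "true").lower() != "false",
         "file_session_store_default_location": uses_default_file_session_store(context_xml)}
    f["rce_preconditions_met"] = all(f.values())
    return f

# Constructed sample: a 10.1.34 instance with writes enabled and a FileStore-backed session manager.
WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"><servlet><servlet-name>default</servlet-name>
<servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
<init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
</servlet></web-app>"""
CONTEXT_XML = """<Context><Manager className="org.apache.catalina.session.PersistentManager">
<Store className="org.apache.catalina.session.FileStore"/></Manager></Context>"""
```

Run `audit("10.1.34", WEB_XML, CONTEXT_XML)` to see every precondition flagged; flipping `readonly` back to `true` or upgrading to 10.1.35 clears `rce_preconditions_met`.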

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Apache Tomcat Path Equivalence Vulnerability
Exploit added on
Apr 1, 2025
Exploit action due
Apr 22, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

security@apache.org
CWE-44
nvd@nist.gov
CWE-502

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. 🛡️Outbreak Alert🛡️ 👉Apache Tomcat RCE CVE-2025-24813 is an unauthenticated remote code execution vulnerability in Apache Tomcat's partial PUT feature. Exploit code for the vulnerability is publicly available, and the start of attacks

    @FortinetJapan

    1 May 2025

    264 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Critical Apache Tomcat flaw (CVE-2025-24813) actively exploited! Hackers bypass rules & execute code. Forget patching or WAFs—WEBOUNCER by https://t.co/YvUrFmPcXS is the ultimate web app security solution. No upgrades needed, unmatched protection. #impenetrable #Cybersecuri

    @BrainLabVisions

    29 Apr 2025

    39 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  3. CVE-2025-24813: Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet https://t.co/NxlZbJZ9dt #bugbounty #bugbountytips #bugbountytip

    @bountywriteups

    27 Apr 2025

    32 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. ⚡ CVE-2025-24813: Remote Code Execution and/or Information disclosure and/or malicious content adde... 👨🏻‍💻 sw0rd1ight ➟ Internet Bug Bounty 🟥 High 💰 $4,323 🔗 https://t.co/N5uSAw7XOJ #bugbounty #bugbountytips #cybersecurity #infosec https://t.co/Yufoz6L9

    @h1Disclosed

    27 Apr 2025

    1276 Impressions

    5 Retweets

    28 Likes

    10 Bookmarks

    0 Replies

    0 Quotes

  5. 2025 Bug Bounties! Hunt: CVE-2025-30406: Gladinet key CVE-2025-29824: Windows EoP CVE-2025-24054: NTLM theft CVE-2025-24813: Tomcat bug CVE-2025-32433: SSH RCE Burp, Amass. Big bounties! Get Bug Bounty Guide 2025! #BugBounty #VulnHunting2025 https://t.co/tin4q4LnYa

    @Viper_Droidd

    21 Apr 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Apache Tomcat CVE-2025-24813 brings RCE concerns. Key points: • Patches available—upgrade if you can. • Most setups are secure unless misconfigured. • Claims of active exploitation may be overstated. Stay updated by subscribing to our blog: https://t.co/0CR2oUy2R9 https://t

    @behkfox

    21 Apr 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Critical Alert: A severe RCE vulnerability (CVE-2025-24813) has been identified in Apache Tomcat, capable of allowing unauthorized remote code execution. Affected versions range from 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, and 9.0.0.M1 to 9.0.98. https://t.co/ppcp1xs5gh

    @The4n6Analyst

    21 Apr 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Actively exploited CVE : CVE-2025-24813

    @transilienceai

    16 Apr 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Read about observed attack traffic, detections, and mitigations for the path equivalence vulnerability in Apache Tomcat (CVE-2025-24813). Learn more. @Akamai #AkamaiSecurity https://t.co/L82vzIXGBh https://t.co/0uEcG2Tkdb

    @Yanivzadok

    14 Apr 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Top 5 Trending CVEs: 1 - CVE-2021-35587 2 - CVE-2025-30406 3 - CVE-2023-43622 4 - CVE-2025-24813 5 - CVE-2025-3248 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    13 Apr 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2025-24813 is a critical security issue that affects Apache Tomcat versions from 9.0.0.M1 to 11.0.2. It allows remote code execution, information disclosure and malicious content injection https://t.co/9qnrIMKfHD

    @cyber_advising

    11 Apr 2025

    6262 Impressions

    41 Retweets

    147 Likes

    75 Bookmarks

    1 Reply

    0 Quotes

  12. Beware of #RCE and information leakage! #Apache Tomcat vulnerability CVE-2025-24813! Check the blog https://t.co/gKKiwWrA0u for details! ☑️Vulnerable versions ☑️Attack conditions ☑️Detecting Apache Tomcat servers ☑️How to respond For a full technical analysis and how to respond: https://t.co/AAwEJVcWez h

    @CriminalIP_AR

    10 Apr 2025

    40 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. US authorities warn that the Apache Tomcat vulnerability CVE-2025-24813 is being exploited. It allows remote code execution and was added to the Known Exploited Vulnerabilities Catalog on April 1. The development team published a fix in March; since detection by WAFs may also be evaded, caution is urged.

    @karukaruit

    8 Apr 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 Active PoC detected exploiting RCE in Apache Tomcat (CVE-2025-24813) https://t.co/ncil3Vbl7E

    @tpx_Security

    7 Apr 2025

    231 Impressions

    3 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Actively exploited CVE : CVE-2025-24813

    @transilienceai

    6 Apr 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. ''Apache Tomcat CVE-2025-24813: What You Need to Know | Rapid7 Blog'' #infosec #pentest #redteam #blueteam https://t.co/uWBoxEmcKi

    @CyberWarship

    6 Apr 2025

    3264 Impressions

    11 Retweets

    48 Likes

    19 Bookmarks

    1 Reply

    0 Quotes

  17. Actively exploited CVE : CVE-2025-24813

    @transilienceai

    6 Apr 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. 2. Threat Context in Apache Projects: - Vulnerabilities in Apache projects are frequent targets. Recent example: CVE-2025-24813 in Tomcat (CVSS 9.8), exploited within 30 hours of disclosure.

    @pedroco53915492

    5 Apr 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Apache Tomcat: Potential RCE Severity : Critical CVE-2025-24813 Exploit : https://t.co/6ggKgBQrYu Reference : https://t.co/6gGeOYAdAp #ApacheTomcat #bugbounty #RCE https://t.co/m34WUgLFqv

    @wgujjer11

    5 Apr 2025

    12275 Impressions

    83 Retweets

    352 Likes

    212 Bookmarks

    2 Replies

    0 Quotes

  20. Actively exploited CVE : CVE-2025-24813

    @transilienceai

    4 Apr 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. Read about observed attack traffic, detections, and mitigations for the path equivalence vulnerability in Apache Tomcat (CVE-2025-24813). Learn more. @Akamai #AkamaiSecurity https://t.co/YkIdevDmBC https://t.co/xy8qFC27xK

    @epichol

    3 Apr 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Actively exploited CVE : CVE-2025-24813

    @transilienceai

    3 Apr 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  23. Serious vulnerability in Apache Tomcat | CVE-2025-24813, US CISA issues an alert #cybernote #ブログ仲間と繋がりたい #Webライター https://t.co/oBqikaW4Tc

    @Teeeda_worker

    3 Apr 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Serious vulnerability in Apache Tomcat | CVE-2025-24813, US CISA issues an alert #cybernote #ブログ仲間と繋がりたい #Webライター https://t.co/m8AfDzhwCG

    @CyberNote_media

    3 Apr 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Actively exploited CVE : CVE-2025-24813

    @transilienceai

    2 Apr 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  26. CISA confirms active exploitation of Apache Tomcat CVE-2025-24813 (CVSS 9.8)—unpatched systems are vulnerable to remote code execution. Critical update required: https://t.co/nDZc1xQhAR #CyberSecurity #CriticalVulnerability

    @adriananglin

    2 Apr 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. ⚠️⚠️ CVE-2025-24813 Apache Tomcat as Actively Exploited with 9.8 CVSS 🎯6.7m+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/GfMvWUMWTU FOFA Query:app="APACHE-Tomcat" 🔖Refer: https://t.co/s8SDApC9s9 #OSINT #FOFA #CyberSecurity https:/

    @fofabot

    2 Apr 2025

    1306 Impressions

    4 Retweets

    21 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  28. Before April Fools' Day ends🤪, you should update your PHP and Tomcat. The Tomcat vulnerability (CVE-2025-24813 - CVSS 9.9) is being actively exploited and public exploits exist. https://t.co/QH2B4uV67j https://t.co/7LuJ0moxez Sample of vulnerable servers👇 h

    @SeguInfo

    1 Apr 2025

    765 Impressions

    1 Retweet

    2 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  29. 🛡️ We added Apache Tomcat path equivalence vulnerability CVE-2025-24813 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/bJOgGeWmb8 & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/40msteeDPe

    @CISACyber

    1 Apr 2025

    5524 Impressions

    18 Retweets

    48 Likes

    6 Bookmarks

    1 Reply

    1 Quote

  30. Apache Tomcat vulnerability ⚠️ CVE-2025-24813 PUT request with a serialized Java payload designed to trigger RCE. Next, a GET request is sent with a "JSESSIONID" cookie https://t.co/6tv5JAgmb7 https://t.co/n77mdPGtU6

    @elhackernet

    1 Apr 2025

    13938 Impressions

    88 Retweets

    263 Likes

    96 Bookmarks

    0 Replies

    3 Quotes

  31. 🚨 CVE-2025-24813 in Apache Tomcat: a remote code execution (RCE) vulnerability that can compromise your infrastructure. 🔥 🔍 Learn how to protect yourself. 👉 https://t.co/O0fBpnfGKF… #hacking #infosec #hackers #CyberSecurity #blog https://t.co/7oxYKFJrvw

    @alienxox1

    31 Mar 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. More detailed analysis of Apache Tomcat CVE-2025-24813 https://t.co/GYUmHfzHoD https://t.co/fQuPGNOV77

    @secharvesterx

    31 Mar 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. Actively exploited CVE : CVE-2025-24813

    @transilienceai

    31 Mar 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  34. Actively exploited CVE : CVE-2025-24813

    @transilienceai

    31 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  35. CVE-2025-24813 is a critical path equivalence #vulnerability in #ApacheTomcat. Attackers are exploiting it in the wild, potentially executing arbitrary code without authentication. This can lead to system compromise and data exposure. #ThreatIntelligence https://t.co/hoCfAGaMgH

    @MalwarePatrol

    30 Mar 2025

    78 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. A serious vulnerability (CVE-2025-24813) has been discovered in Apache Tomcat and exploitation has already been confirmed. Attackers use partial PUT requests and path equivalence to achieve arbitrary code execution without authentication. Exploitation requires specific conditions, so success is difficult, but attacks are increasing. https://t.co/nbfnu88YNO

    @yousukezan

    30 Mar 2025

    3756 Impressions

    17 Retweets

    76 Likes

    20 Bookmarks

    0 Replies

    0 Quotes

  37. Apache Tomcat Vulnerability (CVE-2025-24813) Exploited to Execute Code on Servers https://t.co/jKnc3LjPbj

    @SecurityAid

    30 Mar 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. Cyber Security news I found interesting: Apache Tomcat Vulnerability (CVE-2025-24813) Exploited to Execute Code on Servers https://t.co/EoABnNpgEH #R4yt3d

    @R4yt3d

    30 Mar 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. Title: Critical Alert: Apache Tomcat Servers Targeted by New Exploit - CVE-2025-24813 Read the full story: https://t.co/f4HJSlzma2

    @theinfosecnews

    30 Mar 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. Details : https://t.co/mBYwau3tWh #Vulnerability #tomcat #cve-2025-24813 https://t.co/8BM11Us6dK

    @s_moonbeam01

    30 Mar 2025

    70 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Actively exploited CVE : CVE-2025-24813

    @transilienceai

    30 Mar 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  42. 🚨 CVE-2025-24813 in Apache Tomcat: a remote code execution (RCE) vulnerability that can compromise your infrastructure. 🔥 🔍 Learn how to protect yourself. 👉 https://t.co/xjd2YCc0O7… #hacking #infosec #hackers #CyberSecurity #blog https://t.co/yjxYzemulP

    @CyberHacker100

    29 Mar 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. #threatreport #LowCompleteness Apache Tomcat: CVE-2025-24813 | 28-03-2025 Source: https://t.co/OZLno8T4Kz Key details below ↓ 🏭Industry: Government 🌐Geo: Indonesia, Korea, India, Latvia, Germany, Brazil, Pakistan, Australia, Singapore, Japan, Italy, Taiwan, Mexico, Morocco, h

    @rst_cloud

    29 Mar 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. 🚨 CVE-2025-24813 in Apache Tomcat: a remote code execution (RCE) vulnerability that can compromise your infrastructure. 🔥 🔍 Learn how to protect yourself. 👉 https://t.co/JOqGY8NfbW… #hacking #infosec #hackers #CyberSecurity #blog https://t.co/Z7oR1uQODa

    @Recoverytheate

    29 Mar 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. Actively exploited CVE : CVE-2025-24813

    @transilienceai

    29 Mar 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  46. 🚨 A critical vulnerability (CVE-2025-24813) in Apache Tomcat allows remote, unauthenticated attackers to execute arbitrary code on affected servers. Versions 11.0.0-M1 to 9.0.98 are at risk. 📂⚠️ #ApacheTomcat #JavaExploitation link: https://t.co/a6VtFKYsKi https://t.co/Ry1prnB

    @TweetThreatNews

    28 Mar 2025

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. A critical vulnerability, CVE-2025-24813, in Apache Tomcat allows remote code execution on unpatched servers, prompting urgent patching to protect sensitive data from exploitation attempts by threat actors globally. #Cybersecurity #CVE2025 https://t.co/C1HT4ZnX9u

    @Cyber_O51NT

    28 Mar 2025

    273 Impressions

    2 Retweets

    3 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  48. Actively exploited CVE : CVE-2025-24813

    @transilienceai

    27 Mar 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  49. After the Apache Tomcat vulnerability CVE-2025-24813 was disclosed, vulnerable versions of Tomcat were downloaded nearly 100,000 times, according to a Sonatype report. Exploitation of the vulnerability was observed immediately after a PoC (proof-of-concept attack code) was published four days after disclosure. https://t.co/rb2eXjgmOg

    @__kokumoto

    26 Mar 2025

    2258 Impressions

    8 Retweets

    13 Likes

    4 Bookmarks

    0 Replies

    2 Quotes

  50. My week thanks to CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-29927, CVE-2025-24813....... https://t.co/QM3hlv6IlT

    @mruston

    26 Mar 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

Configurations