AI description
CVE-2025-24813 is a vulnerability affecting Apache Tomcat versions 9.0.0.M1 through 9.0.98, 10.1.0.M1 through 10.1.34, and 11.0.0.M1 through 11.0.2. It stems from an issue in how Tomcat handles partial PUT requests. Specifically, the vulnerability arises from the use of a temporary file based on user-supplied filenames and paths, where the path separator is replaced by a dot. This can potentially allow unauthorized access to sensitive files, injection of malicious content, or even remote code execution under certain conditions. Exploitation of this vulnerability requires a specific set of circumstances. For information disclosure or content injection, the default servlet must have write access enabled (it's disabled by default), partial PUT support must be enabled (which it is by default), and the target URL for sensitive uploads must be a subdirectory of a public upload URL. The attacker also needs to know the names of the sensitive files being uploaded via partial PUT. For remote code execution, the same conditions apply, with the addition of the application using Tomcat's file-based session persistence in the default location and including a library vulnerable to deserialization attacks.
- Description
- Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads - attacker knowledge of the names of security sensitive files being uploaded - the security sensitive files also being uploaded via partial PUT If all of the following were true, a malicious user was able to perform remote code execution: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - application was using Tomcat's file based session persistence with the default storage location - application included a library that may be leveraged in a deserialization attack Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.98, which fixes the issue.
- Source
- security@apache.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 5.5
- Impact score
- 3.4
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
- Severity
- MEDIUM
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
4
به تازگی آسیب پذیری خطرناکی برای وب سرور apache Tomcat با کد شناسایی CVE-2025-24813 و از نوع RCE منتشر شده است. در یک سال اخیر چندین آسیب پذیری مختلف برای این وب سرور منتشر شده است. https://t.co/Poz3aKY03t https://t.co/XNS4MVIKfz
@AmirHossein_sec
15 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-24813
@transilienceai
15 Mar 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
We have tested CVE-2025-24813. Under specific circumstances, an exploit sent to a vulnerable Apache web server running outdated Tomcat software could lead to remote code execution. We used a 2-step method that resulted in a successful attempt. Details at https://t.co/1ZWtac6sLh h
@Unit42_Intel
14 Mar 2025
11195 Impressions
37 Retweets
122 Likes
83 Bookmarks
2 Replies
1 Quote
#Poc CVE-2025-24813 #Apache Tomcat #RCE https://t.co/yJfevdTLhq
@absholi7ly
14 Mar 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - iSee857/CVE-2025-24813-PoC: Apache Tomcat 远程代码执行漏洞批量检测脚本(CVE-2025-24813) https://t.co/SeEw5WcmNt
@akaclandestine
14 Mar 2025
1463 Impressions
5 Retweets
17 Likes
5 Bookmarks
0 Replies
0 Quotes
CVE-2025-24813: Apache Tomcat: from 11.0.0-M1 11.0.2Path Equivalence: 'https://t.co/65d0g2MyZk' (Internal Dot) leading to Remote Code Execution and/or ... https://t.co/4Uiy0R2I44 https://t.co/gBDNluDCwY
@cyber_advising
13 Mar 2025
932 Impressions
5 Retweets
19 Likes
5 Bookmarks
0 Replies
0 Quotes
CVE-2025-24813 Apache Tomcat RCE https://t.co/bG5VXmJZZY
@fall_sn0w
13 Mar 2025
276 Impressions
1 Retweet
4 Likes
1 Bookmark
0 Replies
0 Quotes
GitHub - iSee857/CVE-2025-24813-PoC: Apache Tomcat 远程代码执行漏洞批量检测脚本(CVE-2025-24813) - https://t.co/A0cQwLC0D1
@piedpiper1616
13 Mar 2025
4941 Impressions
35 Retweets
103 Likes
44 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-24813 - Fallo en Apache Tomcat expone servidores a RCE y filtraciones de datos. 🔎 Búsqueda: Hunter: https://t.co/hGGK7zQHHF="Apache Tomcat" FOFA: product="APACHE-Tomcat" Shodan: product:"Apache Tomcat" 📰 Más info: https://t.co/btW2agPwJH #Tomcat #infosec #OSINT
@Cyph3R_CyberSec
12 Mar 2025
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerabilidad grave en Apache Tomcat expone los servidores a RCE (CVE-2025-24813) https://t.co/7LuJ0mnZp1
@SeguInfo
12 Mar 2025
823 Impressions
5 Retweets
11 Likes
3 Bookmarks
0 Replies
0 Quotes
2025. 3.11 JVNVU#93567491 Apache Tomcat partial PUTにおけるリモートコード実行、情報漏えいや改ざんの脆弱性(CVE-2025-24813) - Japan Vulnerability Notes(JVN) https://t.co/wJoZ8xdgzQ
@kawn2020
12 Mar 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Analysis of CVE-2025-24813 Apache Tomcat Path Equivalence RCE https://t.co/5DxlLsUVin https://t.co/CwRFMTdUKZ
@secharvesterx
12 Mar 2025
87 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Analysis of CVE-2025-24813 Apache Tomcat Path Equivalence RCE https://t.co/1yTWHY5DQ3
@_r_netsec
12 Mar 2025
3139 Impressions
24 Retweets
26 Likes
15 Bookmarks
0 Replies
0 Quotes
Threat Alert: Apache Tomcat Remote Code Execution Vulnerability (CVE-2025-24813) CVE-2025-24813 Severity: ⚠️ Critical Maturity: 🧨 Trending Learn more: https://t.co/11nIBFghaz #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
12 Mar 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcatがリモートコード実行や機密情報 漏洩のリスクを起こす脆弱性(CVE-2025-24813) #セキュリティ対策Lab #セキュリティ #Security https://t.co/chfgNIgU2z
@securityLab_jp
12 Mar 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[JVNVU#93567491] Apache Tomcat partial PUTにおけるリモートコード実行、情報漏えいや改ざんの脆弱性(CVE-2025-24813) https://t.co/vPdCB3XDig #jvn #脆弱性 #セキュリティ
@jpsecuritynews
12 Mar 2025
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ALERTE SÉCURITÉ : Une faille critique dans Apache Tomcat (CVE-2025-24813) expose vos serveurs à des attaques RCE et fuites de données ! 🛡️ Mettez à jour IMMÉDIATEMENT. Détails ici 👉https://t.co/EU0jLtebqk #ApacheTomcat #CVE
@_F2po_
11 Mar 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 SECURITY ALERT: Critical flaw in Apache Tomcat (CVE-2025-24813) exposes servers to RCE attacks & data leaks! 🛡️ Update IMMEDIATELY. Details here 👉 https://t.co/3czPexXLT5 #Cybersecurity #ApacheTomcat #CVE
@_F2po_
11 Mar 2025
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24813: Important: Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet .. https://t.co/zEgCB1iTnD
@cyber_advising
11 Mar 2025
849 Impressions
0 Retweets
11 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨 Vulnerabilidad en Apache Tomcat expone servidores a RCE y fugas de datos ⚠️ CVE-2025-24813 https://t.co/4YkUq8KAgD https://t.co/6YHKZrovy8
@elhackernet
11 Mar 2025
2728 Impressions
5 Retweets
15 Likes
10 Bookmarks
0 Replies
1 Quote
CVE-2025-24813
@rousoal2020
11 Mar 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-24813 Flaw in Apache Tomcat Exposes Servers to RCE, Data Leaks: Update Immediately 🎯6.5M+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link: https://t.co/GfMvWUMWTU FOFA Query:app="APACHE-Tomcat" 🔖Refer:https://t.co/x8nHM9ZaV3 #OSINT…
@fofabot
11 Mar 2025
1643 Impressions
7 Retweets
18 Likes
6 Bookmarks
1 Reply
0 Quotes
🚨 Alert: Apache Tomcat CVE-2025-24813 vulnerability allows RCE and data leaks! Affected versions: 9.0.0.M1–9.0.98, 10.1.0-M1–10.1.34, 11.0.0-M1–11.0.2. Update immediately to secure your servers! #CyberSecurity #ApacheTomcat #RCE https://t.co/hfv9ac4kki
@SandroBruscino
11 Mar 2025
96 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-24813: Potential RCE in Apache Tomcat❗️ Deserialization of Untrusted Data and Path Equivalence vulnerabilities potentially allow an attacker to perform RCE. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/aHM9csDL27 #cybersecurity #vulnetability_map https://t
@Netlas_io
11 Mar 2025
100 Impressions
2 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
統合版 JPCERT/CC | JVN: Apache Tomcat partial PUTにおけるリモートコード実行、情報漏えいや改ざんの脆弱性(CVE-2025-24813) https://t.co/LwP2FnPYya #itsec_jp
@itsec_jp
11 Mar 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Tomcat远程代码执行漏洞(CVE-2025-24813) 阅读: 8一、基础知识概述近日,绿盟科技CERT监测到Apache发布安全公告,修复了Apache Tomcat远程代码执行漏洞(CVE-2025-24813); https://t.co/AsH5Led99l
@buaqbot
11 Mar 2025
24 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Tomcat CVE-2025-24813 Potential RCE and/or information disclosure and/or information corruption with partial PUT https://t.co/lgULCgrw68
@h4x0r_dz
11 Mar 2025
5357 Impressions
5 Retweets
71 Likes
27 Bookmarks
3 Replies
0 Quotes
⚠️ Vulnerability Alert: Apache Tomcat Remote Code Execution and Data Leak Vulnerability 📅 Timeline: Disclosure: 2025-03-10, Patch: 2025-03-10 📌 Attribution: 🆔cveId: CVE-2025-24813 📊baseScore: 7.5 (estimated the CVSS score as HIGH) 📏cvssMetrics:… https://t.co/v0cnB7jCkK
@syedaquib77
11 Mar 2025
199 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
JVNVU#93567491 Apache Tomcat partial PUTにおけるリモートコード実行、情報漏えいや改ざんの脆弱性(CVE-2025-24813) https://t.co/jqy6uwskrx アップデートで対応できるようなので早めのアップデートを。
@Syynya
11 Mar 2025
120 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24813 Flaw in Apache Tomcat Exposes Servers to RCE, Data Leaks: Update Immediately https://t.co/po2HYbD3No
@Dinosn
11 Mar 2025
15483 Impressions
90 Retweets
269 Likes
91 Bookmarks
1 Reply
0 Quotes
🚨🚨ALERT: CVE-2025-24813 in Apache Tomcat drops—potential RCE, data leaks, or corruption via partial PUTs! Attackers could OWN your servers. ZoomEye Dork👉app="Apache Tomcat" 774.2k+ vulnerable instances ALREADY spotted! ZoomEye Link: https://t.co/QKp6kN7IcW Details:… https://
@zoomeye_team
11 Mar 2025
3109 Impressions
12 Retweets
34 Likes
16 Bookmarks
1 Reply
1 Quote
🚨Alert🚨 CVE-2025-24813:Flaw in Apache Tomcat Exposes Servers to RCE, Data Leaks 📊 10.7M+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/Pf8A56s3ZW 👇Query HUNTER : https://t.co/q9rtuGgxk7="Apache Tomcat" FOFA : product="APACHE-Tomcat"… htt
@HunterMapping
11 Mar 2025
7436 Impressions
26 Retweets
118 Likes
51 Bookmarks
2 Replies
1 Quote
CVE-2025-24813 Flaw in Apache Tomcat Exposes Servers to RCE, Data Leaks: Update Immediately CVE-2025-24813 poses serious risks for Apache Tomcat users. Discover how this vulnerability can be exploited and what to do. https://t.co/ahIQEJaspE
@the_yellow_fall
11 Mar 2025
5179 Impressions
32 Retweets
80 Likes
34 Bookmarks
0 Replies
0 Quotes
CVE-2025-24813 Path Equivalence: 'https://t.co/u7A4dzI1Ga' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write… https://t.co/PhDWIHWmrc
@CVEnew
10 Mar 2025
405 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24813: Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT https://t.co/nYLy47YxWZ
@oss_security
10 Mar 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes