🔴 CVE-2025-24813

Apache Tomcat path traversal vulnerability enabling remote code execution and information disclosure via malicious PUT requests. Affects millions of internet-facing web applications globally. Listed in CISA KEV with active exploitation evidence and public POCs available.

Risk Level: HIGH_RISK
CVSS Score: 10.0
Attack Vector: NETWORK
ATT&CK Tactic: Initial Access
ATT&CK Technique: T1190 — Exploit Public-Facing Application
Deployment Risk: VERY_HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-03-10

Added to CISA KEV: 2025-04-01 (22 days between CVE publication and KEV listing)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-24813 is a path equivalence vulnerability in Apache Tomcat that allows for Remote Code Execution (RCE), information disclosure, and the potential injection of malicious content into uploaded files [2] [1].

Exploitation and Threat Activity
  • Active Exploitation: The vulnerability has been actively exploited in the wild. Following the release of a public proof-of-concept (PoC), attackers began attempting to exploit the flaw within days [3].
  • Status: It is officially listed in CISA’s Known Exploited Vulnerabilities (KEV) Catalog [4].
  • Threat Actor Usage: While specific threat actor attribution is not widely detailed in public reports, the rapid transition from PoC availability to active exploitation suggests widespread interest from various malicious actors.
Attack Method and Requirements
  • Method: The vulnerability is a path equivalence issue (often involving internal dot handling or partial PUT features) that allows attackers to bypass security controls [2] [1].
  • Requirements: Exploitation typically requires specific, non-default server configurations (such as having the write-enabled Default Servlet active) [1].
  • Access: It is remotely exploitable without authentication, and no user interaction is required for a successful attack [1].
Impact
Successful exploitation provides attackers with the ability to execute arbitrary code on the server, disclose sensitive information, or manipulate files [1] [5]. This can lead to full system compromise, data breaches, and significant operational disruption.
Affected Versions and Mitigation
  • Affected Versions:
    * Apache Tomcat 9.0.1 to 9.0.99
    * Apache Tomcat 10.1.1 to 10.1.35
    * Apache Tomcat 11.0.1 to 11.0.3
  • Patch Status: Patches were released in March 2025. Users are strongly advised to upgrade to the following versions (or later) to mitigate the risk [1]:
    * 9.0.99+
    * 10.1.35+
    * 11.0.3+
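The two exposure conditions above (a branch older than the fixed release, and a write-enabled Default Servlet) are what an asset owner actually has to check. The script below is an added example written for this page, not code from Apache Tomcat or from any of the cited sources. It takes the fixed releases (9.0.99, 10.1.35, 11.0.3) from the list above and treats anything older on the same branch as unpatched; it reads the Default Servlet's `readonly` init-param, which is Tomcat's own switch for the write-enabled (PUT/DELETE) mode the page refers to. The version-string formats it accepts and the web.xml fragments it parses are assumptions constructed for the example.

```python
"""Triage a Tomcat instance for CVE-2025-24813 exposure.

Added example, not from the original page or the Tomcat project.
Fixed releases come from the page's patch list; 'readonly' is the
DefaultServlet init-param that enables/disables write access.
"""
import re
import xml.etree.ElementTree as ET

# Fixed release per branch, as listed on the page. The 4th element is a
# milestone slot: GA builds get a large sentinel so "11.0.0-M5" < "11.0.0".
GA = 10**6
FIXED = {
    (9, 0): (9, 0, 99, GA),
    (10, 1): (10, 1, 35, GA),
    (11, 0): (11, 0, 3, GA),
}

# Accepts "10.1.34", "11.0.0-M5" and server banners like "Apache Tomcat/9.0.80".
_VER_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-.]M(\d+))?$")


def parse_version(text):
    """Turn a Tomcat version string into a comparable tuple."""
    m = _VER_RE.match(text.strip().split("/")[-1])
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch), int(milestone) if milestone else GA)


def version_status(text):
    """'unpatched', 'patched' or 'unknown-branch' relative to the fixed releases."""
    v = parse_version(text)
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return "unknown-branch"  # branch not covered by the page's list
    return "patched" if v >= fixed else "unpatched"


def _local(tag):
    # web.xml elements are namespaced; compare on the local name only.
    return tag.split("}")[-1]


def default_servlet_writable(web_xml):
    """True if the DefaultServlet declaration sets readonly=false.

    Tomcat's DefaultServlet defaults readonly to true, so only an explicit
    'false' turns on the write-enabled mode the advisory text describes.
    """
    root = ET.fromstring(web_xml)
    for servlet in (e for e in root.iter() if _local(e.tag) == "servlet"):
        cls = next((e.text or "" for e in servlet.iter() if _local(e.tag) == "servlet-class"), "")
        if not cls.strip().endswith("DefaultServlet"):
            continue
        for param in (e for e in servlet.iter() if _local(e.tag) == "init-param"):
            name = next((e.text or "" for e in param if _local(e.tag) == "param-name"), "")
            value = next((e.text or "" for e in param if _local(e.tag) == "param-value"), "")
            if name.strip() == "readonly" and value.strip().lower() == "false":
                return True
    return False


def assess(version, web_xml):
    """Combine both checks into a single prioritised finding."""
    status = version_status(version)
    writable = default_servlet_writable(web_xml)
    if status == "unpatched" and writable:
        return "PRIORITY: unpatched and DefaultServlet is write-enabled"
    if status == "unpatched":
        return "upgrade: unpatched (DefaultServlet read-only)"
    return f"ok: {status}"


# Constructed sample web.xml fragments for the example (not from a real host).
WRITABLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""
READONLY_WEB_XML = WRITABLE_WEB_XML.replace("false", "true")

if __name__ == "__main__":
    samples = [
        ("Apache Tomcat/10.1.34", WRITABLE_WEB_XML),
        ("9.0.99", WRITABLE_WEB_XML),
        ("11.0.0-M5", READONLY_WEB_XML),
    ]
    for ver, cfg in samples:
        print(f"{ver:24} -> {assess(ver, cfg)}")
```

Feed it the version banner from your inventory and the effective web.xml (the instance-wide `conf/web.xml` as well as any per-application override, since either can declare the Default Servlet); an instance that is both unpatched and write-enabled is the one to upgrade first.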

Sources

  1. CVE-2025-24813: Apache Tomcat Critical RCE | Fidelis Security

    Severity: Critical. Exploit Status: Proof of Concept (PoC). Business Risk: High — allows remote code execution and data compromise on vulnerable Tomcat servers, with the potential for significant operational disruption and reputational damage. Compliance Impact: Potential violations of PCI-DSS, HIPA…

  2. NVD - CVE-2025-24813

    CVE-2025-24813 Detail. Description. Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Informat…

  3. Detecting and Mitigating Apache Tomcat CVE-2025-24813 - Akamai

    Apache labeled CVE-2025-24813 as moderate severity due to exploitation requirements. A vulnerable server has to meet a specific set of ... On March 10, 2025, a path equivalence vulnerability within Apache Tomcat, a popular open source web server and Java servlet container commonly used to host Java-…

  4. CVE-2025-24813 Detail - NVD

    This CVE is in CISA's Known Exploited Vulnerabilities Catalog. Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and ...

  5. Exploited! Apache Tomcat Path Equivalence Vulnerability... - IONIX

    Exploitation could result in unauthorized information disclosure, file manipulation, and even remote code execution (RCE). In this article. What is CVE-2025-24813 Apache Tomcat Path Equivalence Vulnerability? Exploiting the Vulnerability. Potential Risks. Mitigation Steps. Am I Impacted by CVE-2025-…