CVE-2025-24813 · CISA KEV: Actively Exploited

Apache Tomcat Path Equivalence Vulnerability

Published Apr 1, 2025 · Updated Apr 1, 2025

Description

Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request.

Public Exploits & PoCs · 49 found

PoC: CVE-Arsenal-Lab

TomcatScanner is a comprehensive security tool designed for detecting and exploiting the CVE-2025-24813 vulnerability in Apache Tomcat servers.

PoC: Poc_for_CVE-2025-24813

CVE-2025-24813 poc

PoC: cve-2025-24813_poc

cve-2025-24813 verification script

PoC: CVE-2025-24813

Apache Tomcat RCE

PoC: Apache-GOExploiter

Apache (CVE-2025-24813) GOExploiter Checker & Exploiter very Fast

PoC: CVE-2025-24813

Apache Tomcat is vulnerable to a Path Equivalence / Path Traversal issue due to improper handling of ../ sequences in paths.

PoC: CVE-2025-24813

simple exp for CVE-2025-24813

PoC: Apache-Tomcat-CVE-2025-24813-Lab

ICT279 Vulnerability Detection and Mitigation Project using CVE-2025-24813 in an Internet Banking Environment

PoC: CVE-2025-24813

Instructions for rapid deployment of Tomcat v9.0.90 with java 25.0.1 2025-10-21 LTS on Windows Server 2019 Standard for lazy researchers.

PoC: CVE-2025-24813-PoC-exploit

Apache Tomcat Deserialization RCE

PoC: CVE-2025-24813

Example PoC for CVE-2025-24813 (Tomcat RCE)

PoC: CVE-2025-24813

Example PoC for CVE-2025-24813 (Tomcat RCE)

PoC: POC-CVE-2025-24813-Apache-Tomcat-Remote-Code-Execution

This repository contains an automated exploit developed for educational and cybersecurity research purposes, intended to demonstrate a potential remote code execution (RCE) vulnerability in Apache Tomcat (CVE-2025-24813).

PoC: CVE-2025-24813-PoC

This is a PoC for the CVE-2025-24813 and tested in different environments.

PoC: PoC-CVE-2025-24813

This script exploits the CVE-2025-24813 vulnerability in specific versions of Apache Tomcat, allowing remote code execution (RCE) through a Java deserialization vector and abuse of the HTTP PUT method for arbitrary writing of session files.

PoC: CVE-2025-24813

Automated scanner + exploit for CVE-2025-24813

PoC: CVE-2025-24813

Apache Tomcat PUT JSP RCE - CVE-2025-24813 - Exploit & PoC

PoC: PutScanner

A tool that identifies writable web directories in Apache Tomcat via HTTP PUT method [CVE-2025-24813]

PoC: CVE-2025-24813-Apache-Tomcat-RCE-PoC

Proof of Concept for CVE-2025-24813, a Remote Code Execution vulnerability in Apache Tomcat. This PoC exploits unsafe deserialization via crafted session files uploaded through HTTP PUT requests, allowing attackers to execute arbitrary code remotely on vulnerable Tomcat servers.

PoC: CVE-2025-24813

POC

PoC: CVE-2025-24813

tomcat CVE-2025-24813 deserialization RCE environment

PoC: Apache-Tomcat---Remote-Code-Execution-via-Session-Deserialization-CVE-2025-24813-

Apache Tomcat - Remote Code Execution via Session Deserialization (CVE-2025-24813)

PoC: PoC-CVE-2025-24813

PoC for CVE-2025-24813

PoC: CVE-2025-24813

Remote Code Execution (RCE) vulnerability in Apache Tomcat.

PoC: CVE-2025-24813

Proof of Concept (PoC) script for CVE-2025-24813, vulnerability in Apache Tomcat.

PoC: CVE-2025-24813-vulhub

POC script for the vulhub environment of CVE-2025-24813

PoC: CVE-2025-24813-Scanner

CVE-2025-24813-Scanner is a Python-based vulnerability scanner that detects Apache Tomcat servers vulnerable to CVE-2025-24813, an arbitrary file upload vulnerability leading to remote code execution (RCE) via insecure PUT method handling and jsessionid exploitation.

PoC: CVE-2025-24813-PoC-Apache-Tomcat-RCE

A Python proof-of-concept exploit for CVE-2025-24813 - Unauthenticated RCE in Apache Tomcat (v9.0.0-9.0.98/10.1.0-10.1.34/11.0.0-11.0.2) via malicious Java object deserialization. Includes safe detection mode and custom payload support.

PoC: CVE-2025-24813-POC

A simple, easy-to-use POC for CVE-2025-42813 (Apache Tomcat versions below 9.0.99).

PoC: CVE-2025-24813-checker

Hello researchers, I have a checker for the recent vulnerability CVE-2025-24813-checker.

PoC: CVE-2025-24813-POC

CVE-2025-24813-POC JSP Web Shell Uploader

PoC: CVE-2025-24813

This repository contains a shell script based POC on Apache Tomcat CVE-2025-24813. It allows you to easily test the vulnerability on any version of Apache Tomcat.

PoC: CVE-2025-24813

Create lab for CVE-2025-24813

PoC: Tomcat-CVE_2025_24813

A playground to test the RCE exploit for tomcat CVE-2025-24813

PoC: CVE-2025-24813

Session Exploit

PoC: CVE-2025-24813-PoC

A PoC for CVE-2025-24813

PoC: CVE-2025-24813-POC

CVE-2025-24813 Apache Tomcat RCE Proof of Concept (PoC)

PoC: Spring-Boot-Tomcat-CVE-2025-24813

POC for CVE-2025-24813 using Spring-Boot

PoC: lab-cve-2025-24813

Resources for the Apache Tomcat CVE lab

PoC: Apache-Tomcat-Vulnerability-POC-CVE-2025-24813

Apache Tomcat Vulnerability POC (CVE-2025-24813)

PoC: CVE-2025-24813-Exploit

Apache Tomcat Remote Code Execution (RCE) Exploit - CVE-2025-24813

PoC: CVE-2025-24813-apache-tomcat

Nuclei Template CVE-2025-24813

PoC: CVE-2025-24813-Scanner

CVE-2025-24813 - Apache Tomcat Vulnerability Scanner

PoC: CVE-2025-24813

CVE-2025-24813 exploitation tool

PoC: POC-CVE-2025-24813

This repository contains an automated Proof of Concept (PoC) script for exploiting **CVE-2025-24813**, a Remote Code Execution (RCE) vulnerability in Apache Tomcat. The vulnerability allows an attacker to upload a malicious serialized payload to the server, leading to arbitrary code execution via deserialization when specific conditions are met.

PoC: CVE-2025-24813

Security Researcher

PoC: CVE-2025-24813_POC

CVE-2025-24813_POC

PoC: CVE-2025-24813-PoC

Apache Tomcat remote code execution vulnerability batch detection script (CVE-2025-24813)

PoC: Apache-GOExploiter

🛠 Exploit vulnerable Apache Tomcat servers by scanning for CVE-2025-24813 and uploading files with this Go-based toolkit.
