In short
Apache Tomcat has a critical file-upload vulnerability that lets attackers read sensitive files, modify uploaded content or execute malicious code on the server if certain features are enabled. It exists because the server does not correctly validate file paths when processing partial uploads.
Technical detail
CVE-2025-24813 exploits path equivalence through internal-dot file naming in partial PUT requests to the default servlet. With writes enabled and partial PUT support active, attackers can reach directories holding sensitive files, read or modify those files, or achieve RCE through deserialization when file-based session persistence is configured. The vulnerability affects Tomcat 9.0.0–9.0.98, 10.1.0–10.1.34 and 11.0.0–11.0.2.
Summary generated and translated by AI from the official description.
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.
The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected.
If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
- attacker knowledge of the names of security sensitive files being uploaded
- the security sensitive files also being uploaded via partial PUT
If all of the following were true, a malicious user was able to perform remote code execution:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- application was using Tomcat's file based session persistence with the default storage location
- application included a library that may be leveraged in a deserialization attack
Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fix the issue.
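The two precondition lists above share the same first two items, both of which are DefaultServlet init-params in conf/web.xml: `readonly` (true by default, so writes are off) and `allowPartialPut` (true by default). The following script is an added example, not part of the advisory or of Tomcat, that reads those params from a web.xml string and combines them with the affected version ranges to report whether a deployment meets the advisory's preconditions; the web.xml fragments it uses are constructed samples.

```python
import re
import xml.etree.ElementTree as ET

DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"
# Affected ranges from the advisory: (major, minor) -> (first patch, last patch).
AFFECTED = {(8, 5): (0, 100), (9, 0): (0, 98), (10, 1): (0, 34), (11, 0): (0, 2)}

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace (javaee / jakartaee)

def is_affected_version(version: str) -> bool:
    """True if a Tomcat version ('9.0.98', '11.0.0-M1', '9.0.0.M1') is in an affected range."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version}")
    major, minor, patch = map(int, m.groups())
    lo, hi = AFFECTED.get((major, minor), (None, None))
    return lo is not None and lo <= patch <= hi

def default_servlet_params(web_xml: str) -> dict:
    """Init-params of the servlet whose class is DefaultServlet, or {} if none is declared."""
    for servlet in ET.fromstring(web_xml).iter():
        if _local(servlet.tag) != "servlet":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in servlet}
        if fields.get("servlet-class") != DEFAULT_SERVLET:
            continue
        params = {}
        for ip in (c for c in servlet if _local(c.tag) == "init-param"):
            kv = {_local(c.tag): (c.text or "").strip() for c in ip}
            params[kv.get("param-name", "")] = kv.get("param-value", "")
        return params
    return {}

def partial_put_exposure(web_xml: str, version: str) -> dict:
    """Apply the advisory's shared preconditions. Tomcat defaults when a param is absent:
    readonly=true (writes disabled) and allowPartialPut=true (partial PUT enabled)."""
    p = default_servlet_params(web_xml)
    writes = p.get("readonly", "true").lower() == "false"
    partial = p.get("allowPartialPut", "true").lower() != "false"
    affected = is_affected_version(version)
    return {"writes_enabled": writes, "partial_put": partial,
            "affected_version": affected, "exposed": writes and partial and affected}

# Constructed sample web.xml fragments, not taken from a real deployment.
WRITABLE = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"><servlet>
 <servlet-name>default</servlet-name>
 <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
 <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
</servlet></web-app>"""
HARDENED = WRITABLE.replace("<param-value>false", "<param-value>true")
```

The remaining preconditions (upload URL layout, file-based session persistence, a gadget library on the classpath) are deployment facts the script cannot see, so a True result means "meets the servlet-level preconditions", not a confirmed exploitable host.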