CVE-2025-24813

⛔ critical

Summary

Description

Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions
may also be affected.

If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
- attacker knowledge of the names of security sensitive files being uploaded
- the security sensitive files also being uploaded via partial PUT

If all of the following were true, a malicious user was able to perform remote code execution:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- application was using Tomcat's file based session persistence with the default storage location
- application included a library that may be leveraged in a deserialization attack

Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.

CVSS Score

9.8

Critical

EPSS Score

94.2

Exploit Probability

Published Date

2025-03-10

First Seen: 2026-01-05

📊 Relative Risk Intelligence

This CVE is Very High Risk - more severe than 90.5% of all 329,456 vulnerabilities in our database.

#31,311

Top 10% most severe

Severity Percentile

🎯 CISA SSVC Assessment Updated: Apr 1, 2025

🔍 Exploitation Status

Active

Exploits detected in the wild

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Total

Complete system compromise possible

🏆 Discovered By

COSCO Shipping Lines DIC sw0rd1ight (https://github.com/sw0rd1ight)

SSVC data provided by CISA

Last Modified 2025-10-23

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE IDs (Weakness Types)

CWE-44 CWE-502 CWE-706

Vendor	Product	Status	Affected Versions
apache	tomcat	Affected	≥ 10.1.1 < 10.1.35
apache	tomcat	Affected	≥ 11.0.1 < 11.0.3
apache	tomcat	Affected	< 9.0.99
apache	tomcat	Affected	v10.1.0
apache	tomcat	Affected	v11.0.0
debian	debian_linux	Affected	v11.0
netapp	bootstrap_os	Affected	v-

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-49975	⚠️ high	7.5	10.4	Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service vi...	2026-06-08
CVE-2026-41284	⚠️ high	7.5	0.1	Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: ...	2026-05-12
CVE-2026-41293	⛔ critical	9.8	0.2	Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0...	2026-05-12
CVE-2026-42498	⚠️ high	7.3	0.1	Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomca...	2026-05-12
CVE-2026-43512	⛔ critical	9.8	0.1	DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Ap...	2026-05-12
CVE-2026-43513	⚠️ high	7.5	0.1	Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat:...	2026-05-12

CVE-2025-24813

Summary

Description

📊 Relative Risk Intelligence

🎯 CISA SSVC Assessment Updated: Apr 1, 2025

📦 Affected Products 7

💣 Public Exploits 1 PRO

🔗 References 10

🔗 Related CVEs 6