Analysis of Apache Tomcat Vulnerability: CVE-2025-24813
2025.05.26

✅ Report Title: Analysis of Apache Tomcat Vulnerability: CVE-2025-24813



The S2W Threat Intelligence Center has published a threat intelligence report on the security vulnerability CVE-2025-24813, recently identified in Apache Tomcat.



✅ Executive Summary:


- This report is an analysis of CVE-2025-24813, a vulnerability found in Apache Tomcat.


  - Apache Tomcat is an open-source Java web application server supporting Servlet and JSP technologies.


- This vulnerability is an Information Disclosure vulnerability caused by improper file path handling when the write setting and Partial PUT support of Tomcat's Default Servlet are both enabled, and it becomes a Remote Code Execution vulnerability through deserialization of untrusted data when combined with Tomcat's file-based session management using its default storage path.


- The following versions are affected:

  - 9.0.0.M1 ≤ Tomcat < 9.0.99

  - 10.1.0-M1 ≤ Tomcat < 10.1.35

  - 11.0.0-M1 ≤ Tomcat < 11.0.3


- The version of Tomcat in use can be determined by running the version.bat (Windows) or version.sh (*nix) script in Tomcat's bin directory from the CLI.



📌 CVE-2025-24813 Details


- CVE Number: CVE-2025-24813


- Disclosure or Patch Date: 2025-03-10


- Product: Apache Tomcat


- Vendor: Apache Software Foundation


- Confirmed Affected Versions:

  - 9.0.0.M1 ≤ Tomcat < 9.0.99

  - 10.1.0-M1 ≤ Tomcat < 10.1.35

  - 11.0.0-M1 ≤ Tomcat < 11.0.3


- Patched Versions:

  - Tomcat ≥ 9.0.99

  - Tomcat ≥ 10.1.35

  - Tomcat ≥ 11.0.3


- Reporter (Advisor): COSCO Shipping Lines DIC, sw0rd1ight


- Causes: When the write setting of Tomcat's Default Servlet is enabled together with Partial PUT support, a file uploaded via a Partial PUT request is first written to the temporary file storage path under a filename derived from the request path by replacing every '/' with '.'. As a result, security-sensitive files can be written via Partial PUT, and the contents of sensitive files become readable by unauthorized users who know the exact path to the file. In addition, because the temporary file storage path used for Partial PUT is the same as the default session storage path of Tomcat's built-in file-based session management feature, a temporary file uploaded via Partial PUT may be treated as a session file and loaded (deserialized) when that feature is in use.



✅ Recommended Threat Detection and Mitigation Actions:


- This vulnerability could allow a remote attacker to read sensitive, access-restricted information on a vulnerable system or to execute arbitrary code with the privileges of the user account running Tomcat.


- If you are using a vulnerable version of Tomcat, we recommend updating to the latest version.


- If updating is not possible, we recommend applying the mitigation steps below:

  - Disabling the Write setting for Tomcat's Default Servlet

  - Disabling Tomcat's Partial PUT support
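As an added example (not part of the S2W report and not Tomcat's own tooling), the following Python script audits a conf/web.xml for the two Default Servlet settings named in the cause analysis and the mitigation steps above, and checks a Tomcat version string against the affected ranges listed in this report. The web.xml fragment is constructed for the demonstration; the init-param names readonly and allowPartialPut are the Default Servlet's own parameters, with Tomcat's defaults of readonly=true and allowPartialPut=true assumed when a parameter is absent.

```python
import re
import xml.etree.ElementTree as ET
DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"

def render_web_xml(readonly: bool, allow_partial_put: bool) -> str:
    """Constructed conf/web.xml fragment (not a real deployment) declaring the Default Servlet."""
    params = "".join(
        f"<init-param><param-name>{n}</param-name><param-value>{str(v).lower()}</param-value></init-param>"
        for n, v in (("readonly", readonly), ("allowPartialPut", allow_partial_put)))
    return ('<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><servlet><servlet-name>default</servlet-name>'
            f"<servlet-class>{DEFAULT_SERVLET}</servlet-class>{params}</servlet></web-app>")

def _local(tag: str) -> str: return tag.rsplit("}", 1)[-1]  # strip the XML namespace prefix

def default_servlet_settings(web_xml: str) -> dict:
    """Effective readonly/allowPartialPut values; Tomcat's defaults (true/true) apply when a param is absent."""
    settings = {"readonly": True, "allowPartialPut": True}
    for servlet in ET.fromstring(web_xml).iter():
        if _local(servlet.tag) != "servlet":
            continue
        children = [(_local(c.tag), c) for c in servlet]
        if not any(t == "servlet-class" and (c.text or "").strip() == DEFAULT_SERVLET for t, c in children):
            continue
        for tag, param in children:
            kv = {_local(c.tag): (c.text or "").strip() for c in param} if tag == "init-param" else {}
            if kv.get("param-name") in settings:
                settings[kv["param-name"]] = kv.get("param-value", "").lower() == "true"
    return settings

def audit_default_servlet(web_xml: str) -> list:
    """One finding per mitigation the report lists; both present together is the CVE precondition."""
    s = default_servlet_settings(web_xml)
    findings = []
    if not s["readonly"]:
        findings.append("Default Servlet write enabled (readonly=false)")
    if s["allowPartialPut"]:
        findings.append("Partial PUT enabled (allowPartialPut=true)")
    return findings

# Affected ranges from the report: each branch from its first milestone up to, not including, the fix.
PATCHED = {(9, 0): 99, (10, 1): 35, (11, 0): 3}

def is_affected(version: str) -> bool:
    """True for a Tomcat version string such as '9.0.98' or '10.1.0-M1' inside an affected range."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version}")
    fixed = PATCHED.get(tuple(int(x) for x in m.group(1, 2)))
    return fixed is not None and int(m.group(3)) < fixed
```

Run the audit against the real conf/web.xml of each Tomcat instance; an empty findings list or a non-affected version means the preconditions described in this report are not present.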




🧑‍💻 Author: S2W TALON


👉 Contact us: https://s2w.inc/en/contact


*The full report is available upon request or with a subscription to the S2W platform.

