
CERT NZ Issues Advisory Regarding Apache Tomcat Vulnerability


The urgency of the Apache Tomcat vulnerability, CVE-2025-24813, has prompted the New Zealand Computer Emergency Response Team (CERT NZ) to issue a critical security advisory alert. This vulnerability affects various versions of Apache Tomcat, including 9.x, 10.x, and 11.x, with specific configurations making systems vulnerable to remote code execution, information disclosure, and content corruption.

The vulnerability, CVE-2025-24813, is specifically linked to the default servlet of Apache Tomcat, responsible for handling HTTP requests. An unauthorized attacker could exploit the improper handling of file uploads by the default servlet to execute malicious code or gain access to sensitive information. This flaw poses significant security risks as it could lead to remote code execution (RCE) or manipulation/corruption of critical data.

Affected versions of Apache Tomcat include:
– Apache Tomcat 11.0.0-M1 to 11.0.2
– Apache Tomcat 10.1.0-M1 to 10.1.34
– Apache Tomcat 9.0.0.M1 to 9.0.98

These versions are vulnerable to CVE-2025-24813 under certain conditions, especially if applications allow file uploads with partial PUT support enabled and if attackers can manipulate file paths and exploit insecure configurations.

Exploitation of CVE-2025-24813 requires several conditions to be met at once:
– writes enabled for the default servlet;
– partial PUT support enabled;
– a target URL for sensitive uploads located within a sub-directory of public uploads;
– the attacker's knowledge of the sensitive file names; and
– the vulnerable files being uploaded via partial PUT.
For remote code execution, additional conditions must also be met: Tomcat's file-based session persistence must be in use, and a library that could be used in a deserialization attack must be present.
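To turn the advisory's preconditions into something an administrator can check, the following audit script is an added example (mine, not code from CERT NZ or the Apache Tomcat project): it tests a version string against the affected ranges listed above and reads the DefaultServlet's `readonly` and `allowPartialPut` init-params from a constructed conf/web.xml fragment. The parameter names are the DefaultServlet's init-params as I know them from Tomcat's documentation, and the web.xml content is constructed sample input.

```python
import re
import xml.etree.ElementTree as ET

# First fixed patch level per branch, taken from the advisory's affected ranges.
FIXED_PATCH = {(11, 0): 3, (10, 1): 35, (9, 0): 99}

# Constructed conf/web.xml fragment: a DefaultServlet with writes enabled (readonly=false).
SAMPLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet><servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet></web-app>"""

def parse_version(v):
    """'11.0.2', '11.0.0-M1' and '9.0.0.M1' -> (major, minor, patch, milestone or None)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?", v.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {v!r}")
    return tuple(int(x) if x is not None else None for x in m.groups())

def is_affected_version(v):
    """True when v is inside a listed range; milestone builds sit below the fixed release."""
    major, minor, patch, _milestone = parse_version(v)
    return patch < FIXED_PATCH.get((major, minor), 0)  # unlisted branches -> False

def default_servlet_params(web_xml_text):
    """init-params of the DefaultServlet declared in web.xml, ignoring the XML namespace."""
    local = lambda el: el.tag.rsplit("}", 1)[-1]
    for servlet in (s for s in ET.fromstring(web_xml_text).iter() if local(s) == "servlet"):
        cls = [(c.text or "").strip() for c in servlet if local(c) == "servlet-class"]
        if cls != ["org.apache.catalina.servlets.DefaultServlet"]:
            continue
        params = {}
        for ip in (c for c in servlet if local(c) == "init-param"):
            kv = {local(x): (x.text or "").strip() for x in ip}
            params[kv.get("param-name")] = kv.get("param-value")
        return params
    return {}

def exposure_findings(version, web_xml_text):
    """Preconditions from the advisory met by this version/config; an empty list means none."""
    findings = []
    if is_affected_version(version):
        findings.append(f"version {version} is in an affected range")
    p = default_servlet_params(web_xml_text)
    if p.get("readonly", "true").lower() == "false":
        findings.append("DefaultServlet has writes enabled (readonly=false)")
    if p.get("allowPartialPut", "true").lower() != "false":
        findings.append("partial PUT support is enabled (allowPartialPut is true by default)")
    return findings
```

Run `exposure_findings("10.1.34", open("conf/web.xml").read())` against a real installation; an empty list means none of the checked preconditions hold, while the file-based session persistence condition still has to be reviewed in context.xml by hand.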

CERT NZ has emphasized the urgency of addressing this vulnerability, as proof-of-concept code and reports of active exploitation have already emerged. The consequences of exploitation include unauthorized code execution, data exposure, and potential corruption of critical application files.

To protect systems from CVE-2025-24813, Apache Tomcat users are advised to upgrade to secure versions, including Apache Tomcat 11.0.3 or later, 10.1.35 or later, and 9.0.99 or later. System administrators should also follow best practices for securing Tomcat configurations, such as disabling unnecessary features and properly configuring file upload capabilities.

In conclusion, the active exploitation of CVE-2025-24813 underscores the importance of upgrading to secure versions, monitoring for suspicious activity, and promptly applying security patches. Keeping Apache Tomcat systems updated is crucial to avoid remote code execution, information disclosure, and content corruption.
