BDU:2025-02511

BDU

HighConfirmedExploit available

Уязвимость сервера приложений Apache Tomcat связана с принятием входных данных пути в виде внутренней точки без проверки. Эксплуатация уязв…

CVSS

8.8

High

EPSS

0.00

Published

2025-01-01

Updated

2025-01-01

Description

Уязвимость сервера приложений Apache Tomcat связана с принятием входных данных пути в виде внутренней точки без проверки. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации и выполнить произвольный код

Tags · CWE

Pre-auth

Affected products

Apache software foundation TomcatApache software foundation TomcatApache software foundation TomcatApache software foundation TomcatApache software foundation TomcatApache software foundation TomcatApache software foundation TomcatApache software foundation TomcatApache software foundation TomcatApache software foundation TomcatApache software foundation TomcatApache software foundation TomcatOracle corp. Database serverOracle corp. Database serverOracle corp. Database serverOracle corp. Database server

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Timeline

2025-01-01

Published

2025-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: R

Required (R)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: H

High (H)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.000 · p0

Known exploited (KEV)

Known exploits — Сканер-ВС

52134

exploitdb · https://www.exploit-db.com/exploits/52134

Enterprise

CVE-2025-24813

github-poc · https://github.com/Dhananjayasj/CVE-2025-24813-Apache-Tomcat-Partial-PUT-Deserialization-RCE-

Enterprise

Affected software

Product	Vendor	Status
tomcat	apache software foundation	Tracked
tomcat	apache software foundation	Tracked
tomcat	apache software foundation	Tracked
tomcat	apache software foundation	Tracked
tomcat	apache software foundation	Tracked
tomcat	apache software foundation	Tracked
tomcat	apache software foundation	Tracked
tomcat	apache software foundation	Tracked
tomcat	apache software foundation	Tracked
tomcat	apache software foundation	Tracked
tomcat	apache software foundation	Tracked
tomcat	apache software foundation	Tracked
database server	oracle corp.	Tracked
database server	oracle corp.	Tracked
database server	oracle corp.	Tracked
database server	oracle corp.	Tracked

Source databases

BDU

Related vulnerabilities

CVE-2025-24813

External references

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-24813@http://www.openwall.com/lists/oss-security/2025/03/10/5@https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq@https://github.com/iSee857/CVE-2025-24813-PoC@https://lab.wallarm.com/one-put-request-to-own-tomcat-cve-2025-24813-rce-is-in-the-wild/@http://repo.red-soft.ru/redos/7.3c/x86_64/updates/@https://altsp.su/obnovleniya-bezopasnosti/@https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.13/@https://altsp.su/obnovleniya-bezopasnosti/@https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/3.1/@https://support.oracle.com/signin/?kmContentId=2927522@https://github.com/absholi7ly/POC-CVE-2025-24813/blob/main/README.md