Exploit for #VU105485 Input validation error in Apache Tomcat

Vulnerability identifier: #VU105485

Vulnerability risk: Critical

CVSSv4.0: 9.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2025-24813

CWE-ID: CWE-20

Exploitation vector: Network

Exploits in database: 13

• April 2, 2025
  • Tomcat Partial PUT Java Deserialization [Metasploit]
• March 25, 2025
  • Tomcat-CVE_2025_24813 (A playground to test the RCE exploit for tomcat CVE-2025-24813) [Github]
  • CVE-2025-24813 (Session Exploit) [Github]
• March 21, 2025
  • Apache-Tomcat-Vulnerability-POC-CVE-2025-24813 [Github]
• March 18, 2025
  • CVE-2025-24813-Exploit (Apache Tomcat Remote Code Execution (RCE) Exploit - CVE-2025-24813) [Github]
  • CVE-2025-24813-Scanner [Github]
  • CVE-2025-24813 [Github]
  • CVE-2025-24813-apache-tomcat [Github]
• March 14, 2025
  • CVE-2025-24813-PoC [Github]
  • cve-2025-24813_poc [Github]
  • POC-CVE-2025-24813 (his repository contains an automated Proof of Concept (PoC) script for exploiting **CVE-2025-24813**, a Remote Code Execution (RCE) vulnerability in Apache Tomcat. The vulnerability allows an attacker to upload a malicious serialized p [Github]
  • CVE-2025-24813 [Github]
  • CVE-2025-24813_POC [Github]

Vulnerable software:
Apache Tomcat
Server applications / Web servers

Vendor: Apache Foundation