NVD Vulnerability Detail

CVE-2025-24813

Summary	Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads - attacker knowledge of the names of security sensitive files being uploaded - the security sensitive files also being uploaded via partial PUT If all of the following were true, a malicious user was able to perform remote code execution: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - application was using Tomcat's file based session persistence with the default storage location - application included a library that may be leveraged in a deserialization attack Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.
Publication Date	March 11, 2025, 2:15 a.m.
Registration Date	March 11, 2025, 4 a.m.
Last Update	March 19, 2025, 2:19 a.m.

CVSS3.1 : CRITICAL
スコア	9.8
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:9.0.0:milestone1::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone10::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone11::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone12::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone13::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone14::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone15::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone16::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone17::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone18::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone19::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone2::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone20::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone21::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone22::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone23::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone24::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone25::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone26::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone27::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone3::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone4::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone5::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone6::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone7::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone8::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone9::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone1::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone10::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone11::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone12::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone13::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone14::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone16::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone2::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone3::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone4::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone5::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone6::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone7::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone8::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone9::::::
cpe:2.3:a:apache:tomcat::::::::	9.0.1			9.0.99
cpe:2.3:a:apache:tomcat:10.1.0:milestone15::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone17::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone18::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone19::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone20::::::
cpe:2.3:a:apache:tomcat::::::::	10.1.1			10.1.35
cpe:2.3:a:apache:tomcat:11.0.0:milestone1::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone10::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone11::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone12::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone13::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone14::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone15::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone16::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone17::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone18::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone19::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone2::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone20::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone21::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone22::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone23::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone24::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone25::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone3::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone4::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone5::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone6::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone7::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone8::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone9::::::
cpe:2.3:a:apache:tomcat::::::::	11.0.1			11.0.3

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2025/03/10/5	Mailing List Third Party Advisory
2	https://github.com/absholi7ly/POC-CVE-2025-24813/blob/main/README.md	Exploit
3	https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq	Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-502	信頼性のないデータのデシリアライゼーション	https://cwe.mitre.org/data/definitions/502.html
2	CWE-706	誤って解決された名前や参照の使用	https://cwe.mitre.org/data/definitions/706.html

JVN Vulnerability Information

Apache Tomcat partial PUT におけるリモートコード実行、情報漏えいや改ざんの脆弱性 (CVE-2025-24813)

Title	Apache Tomcat partial PUT におけるリモートコード実行、情報漏えいや改ざんの脆弱性 (CVE-2025-24813)
Summary	Apache Tomcat の partial PUT の元の実装では、ユーザーが指定したファイル名とパスを基にパス区切り文字を「.」に置き換えた一時ファイルが使用されています。このため、特定の条件下で、リモートコード実行、セキュリティ上重要なファイルの表示やコンテンツ挿入の可能性があります。（CVE-2025-24813、CWE-44、CWE-502）
Possible impacts	以下のすべての条件が成立する場合、セキュリティ上重要なファイルの表示やコンテンツ挿入の可能性があります。　* デフォルトサーブレットの書き込みが有効（デフォルトで無効）　* partial PUT をサポート（デフォルトで有効）　* セキュリティ上重要なアップロード対象の URL が、パブリックアップロード対象 URL のサブディレクトリである　* 攻撃者がアップロードされるセキュリティ上重要なファイルの名前を知っている　* セキュリティ上重要なファイルが partial PUT でアップロードされる以下のすべての条件が成立する場合、リモートコード実行の可能性があります。　* デフォルトサーブレットの書き込みが有効（デフォルトで無効）　* partial PUT をサポート（デフォルトで有効）　* アプリケーションがデフォルトのストレージロケーションで Tomcat のファイルベースのセッション永続性を使用している　* アプリケーションに、デシリアライゼーション攻撃に利用される可能性のあるライブラリが含まれている
Solution	[アップデートする] 開発者が提供する情報をもとに、最新版へアップデートしてください。開発者によると、本脆弱性は次のバージョンで修正されているとのことです。　* Apache Tomcat 11.0.3 以降　* Apache Tomcat 10.1.35 以降　* Apache Tomcat 9.0.99 以降
Publication Date	March 11, 2023, midnight
Registration Date	March 12, 2025, 11:26 a.m.
Last Update	Oct. 23, 2025, 3:38 p.m.

Affected System

Apache Software Foundation

Apache Tomcat 10.1.0-M1 から 10.1.34 まで

Apache Tomcat 11.0.0-M1 から 11.0.2 まで

Apache Tomcat 9.0.0.M1 から 9.0.98 まで

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2025-24813	https://www.cve.org/CVERecord?id=CVE-2025-24813
National Vulnerability Database (NVD)
2	CVE-2025-24813	https://nvd.nist.gov/vuln/detail/CVE-2025-24813

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-44	https://cwe.mitre.org/data/definitions/44.html
2	CWE-502	https://cwe.mitre.org/data/definitions/502.html

ベンダー情報

No	Name	URL
The Apache Software Foundation
1	Apache Tomcat 10.x vulnerabilities	https://tomcat.apache.org/security-10.html
2	Apache Tomcat 11.x vulnerabilities	https://tomcat.apache.org/security-11.html
3	Apache Tomcat 9.x vulnerabilities	https://tomcat.apache.org/security-9.html
4	[SECURITY] CVE-2025-24813 Potential RCE and/or information disclosure and/or information corruption with partial PUT	https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq

その他

No	Name	URL
JVN
1	JVNVU#93567491	https://jvn.jp/vu/JVNVU93567491/index.html
2	JVNVU#99667406	https://jvn.jp/vu/JVNVU99667406/index.html

Change Log

No	Changed Details	Date of change
1	[2025年03月12日] 掲載	March 12, 2025, 10:39 a.m.
2	[2025年10月23日] 参考情報：JVN (JVNVU#99667406) を追加参考情報：National Vulnerability Database (NVD) (CVE-2025-24813) を追加	Oct. 23, 2025, 3:10 p.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:9.0.0:milestone1::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone10::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone11::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone12::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone13::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone14::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone15::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone16::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone17::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone18::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone19::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone2::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone20::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone21::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone22::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone23::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone24::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone25::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone26::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone27::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone3::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone4::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone5::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone6::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone7::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone8::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone9::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone1::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone10::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone11::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone12::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone13::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone14::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone16::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone2::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone3::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone4::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone5::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone6::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone7::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone8::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone9::::::
cpe:2.3:a:apache:tomcat::::::::	9.0.1			9.0.99
cpe:2.3:a:apache:tomcat:10.1.0:milestone15::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone17::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone18::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone19::::::
cpe:2.3:a:apache:tomcat:10.1.0:milestone20::::::
cpe:2.3:a:apache:tomcat::::::::	10.1.1			10.1.35
cpe:2.3:a:apache:tomcat:11.0.0:milestone1::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone10::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone11::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone12::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone13::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone14::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone15::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone16::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone17::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone18::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone19::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone2::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone20::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone21::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone22::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone23::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone24::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone25::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone3::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone4::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone5::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone6::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone7::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone8::::::
cpe:2.3:a:apache:tomcat:11.0.0:milestone9::::::
cpe:2.3:a:apache:tomcat::::::::	11.0.1			11.0.3