CVE-2025-24813: Apache Tomcat RCE via Partial PUT

Q: Can Apache Tomcat be exploited for RCE?

Yes, CVE-2025-24813 enables unauthenticated RCE on Apache Tomcat through partial PUT requests and session deserialization. Exploitation began within 30 hours of PoC release.

CRITICAL

9.8CRITICAL

Published: 2025-03-10Affected: Apache Tomcat 11.0.0-M1 through 11.0.2CWE-502 ↗

Can Apache Tomcat be exploited for RCE?

A path equivalence vulnerability in Apache Tomcat that, combined with partial PUT request handling and default servlet configuration, allows unauthenticated remote code execution via deserialization of uploaded session files.

Impact & Exploitation

Active exploitation 30 hours after PoC release. Tomcat powers millions of Java web applications. Affects deployments with default servlet write-enabled and file-based session persistence.

How Precogs AI Detects Apache Tomcat RCE via Partial PUT

Precogs AI detects Tomcat configuration weaknesses and deserialization vulnerabilities in compiled Java web application servers during Binary DAST security testing.

Scan for CVE-2025-24813

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.

CVE-2025-24813: Apache Tomcat RCE via Partial PUT

Can Apache Tomcat be exploited for RCE?

Impact & Exploitation

How Precogs AI Detects Apache Tomcat RCE via Partial PUT

Precogs Research

Base Score

Tags

Quick Links

Is your system affected?

Can Apache Tomcat be exploited for RCE?

Impact & Exploitation

How Precogs AI Detects Apache Tomcat RCE via Partial PUT

Related Resources

🔍 Related CWE Entries

📋 OWASP Top 10

📖 Security Guides

🛡️ Notable Vulnerabilities

🔗 External References

Precogs Research

Base Score

Tags

Quick Links

Is your system affected?