# CVE-2025-24813 Apache Tomcat RCE Exploit PoC
This repository contains a proof-of-concept exploit for CVE-2025-24813, a Java
deserialization vulnerability in Apache Tomcat.
Based on
[absholi7ly/POC-CVE-2025-24813/](https://github.com/absholi7ly/POC-CVE-2025-24813/).
## Prerequisites
- Docker
## Setup
1. Install dependencies:
```bash
uv venv
source .venv/bin/activate
uv sync
```
2. Download ysoserial:
```bash
./download.sh
```
## Usage
### Using Docker (Recommended)
Build and run the exploit in a container:
```bash
docker build -t cve-2025-24813-poc:latest .
docker run --rm -it --mount "type=bind,src=$(pwd),target=/app" cve-2025-24813-poc:latest
python main.py <target>
```
### Direct Execution
Run the exploit directly:
```bash
python main.py <target_url> [options]
```
#### Options
- `--command`: Command to execute (default: `calc.exe`)
- `--ysoserial`: Path to ysoserial.jar (default: `./ysoserial-all.jar`)
- `--gadget`: ysoserial gadget chain (default: `CommonsCollections6`)
- `--payload_type`: Payload type - `ysoserial` or `java` (default: `ysoserial`)
- `--no-ssl-verify`: Disable SSL verification
#### Examples
```bash
# Basic usage
python main.py http://target:8080
# Custom command
python main.py http://target:8080 --command "whoami"
# Using Java payload instead of ysoserial
python main.py http://target:8080 --payload_type java
```
## How it Works
1. Checks if the target servlet is writable via PUT requests
2. Generates a malicious serialized Java payload
3. Uploads the payload as a session file
4. Triggers deserialization by accessing the session
## Disclaimer
This tool is for educational and authorized testing purposes only. Do not use
against systems you do not own or have explicit permission to test.
## References
- <https://scrapco.de/blog/analysis-of-cve-2025-24813-apache-tomcat-path-equivalence-rce.html>
- <https://nvd.nist.gov/vuln/detail/CVE-2025-24813>
- <https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-03-14-Testing-CVE-2025-24813.md>
登录后查看神龙缓存的 POC 文件快照
登录查看