CVE-2025-24813: Apache Tomcat RCE Proof of Concept

This repository provides a controlled, automated environment to demonstrate Remote Code Execution (RCE) vulnerabilities in Apache Tomcat via CVE-2025-24813.

Overview

This PoC exploits misconfigured file-based session persistence in Apache Tomcat's DefaultServlet to achieve unauthorized file overwrites.

How to Use This Repo

Prerequisites

Docker and Docker Compose installed.

1. Launch the Environment

From the repository root, run:

docker compose up -d --build

2. Run the Exploit

Follow the automated tutorial workflow:

Navigate to the exploit/ directory.
Activate the python virtual environment:
```
source venv/bin/activate
```
Follow the instructions in ./exploit/exploit_path.md to execute the exploit.

Name		Name	Last commit message	Last commit date
Latest commit History 12 Commits
exploit		exploit
webserver		webserver
Demo.webm		Demo.webm
IMPLEMENTATION.MD		IMPLEMENTATION.MD
README.md		README.md
docker-compose.yml		docker-compose.yml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2025-24813: Apache Tomcat RCE Proof of Concept

Overview

How to Use This Repo

Prerequisites

1. Launch the Environment

2. Run the Exploit

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

CVE-2025-24813: Apache Tomcat RCE Proof of Concept

Overview

How to Use This Repo

Prerequisites

1. Launch the Environment

2. Run the Exploit

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages