{"id":"UBUNTU-CVE-2025-24813","details":"Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads - attacker knowledge of the names of security sensitive files being uploaded - the security sensitive files also being uploaded via partial PUT If all of the following were true, a malicious user was able to perform remote code execution: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - application was using Tomcat's file based session persistence with the default storage location - application included a library that may be leveraged in a deserialization attack Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.","modified":"2026-04-02T20:28:54.114191Z","published":"2025-03-10T17:15:00Z","related":["USN-7525-1","USN-7525-2"],"upstream":["CVE-2025-24813"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-24813"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2025-24813"},{"type":"REPORT","url":"https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq"},{"type":"REPORT","url":"http://www.openwall.com/lists/oss-security/2025/03/10/5"},{"type":"REPORT","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7525-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7525-2"}],"affected":[{"package":{"name":"tomcat9","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/tomcat9@9.0.16-3ubuntu0.18.04.2+esm6?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.0.16-3ubuntu0.18.04.2+esm6"}]}],"versions":["9.0.16-3~18.04.1","9.0.16-3ubuntu0.18.04.1","9.0.16-3ubuntu0.18.04.2","9.0.16-3ubuntu0.18.04.2+esm1","9.0.16-3ubuntu0.18.04.2+esm2","9.0.16-3ubuntu0.18.04.2+esm3","9.0.16-3ubuntu0.18.04.2+esm4","9.0.16-3ubuntu0.18.04.2+esm5"],"ecosystem_specific":{"binaries":[{"binary_name":"libtomcat9-embed-java","binary_version":"9.0.16-3ubuntu0.18.04.2+esm6"},{"binary_name":"libtomcat9-java","binary_version":"9.0.16-3ubuntu0.18.04.2+esm6"},{"binary_name":"tomcat9","binary_version":"9.0.16-3ubuntu0.18.04.2+esm6"},{"binary_name":"tomcat9-admin","binary_version":"9.0.16-3ubuntu0.18.04.2+esm6"},{"binary_name":"tomcat9-common","binary_version":"9.0.16-3ubuntu0.18.04.2+esm6"},{"binary_name":"tomcat9-docs","binary_version":"9.0.16-3ubuntu0.18.04.2+esm6"},{"binary_name":"tomcat9-examples","binary_version":"9.0.16-3ubuntu0.18.04.2+esm6"},{"binary_name":"tomcat9-user","binary_version":"9.0.16-3ubuntu0.18.04.2+esm6"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","priority_reason":"exploit available"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-24813.json"}},{"package":{"name":"tomcat9","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/tomcat9@9.0.31-1ubuntu0.9+esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.0.31-1ubuntu0.9+esm1"}]}],"versions":["9.0.24-1","9.0.27-1","9.0.31-1","9.0.31-1ubuntu0.1","9.0.31-1ubuntu0.2","9.0.31-1ubuntu0.3","9.0.31-1ubuntu0.4","9.0.31-1ubuntu0.5","9.0.31-1ubuntu0.6","9.0.31-1ubuntu0.7","9.0.31-1ubuntu0.8","9.0.31-1ubuntu0.9"],"ecosystem_specific":{"binaries":[{"binary_name":"libtomcat9-embed-java","binary_version":"9.0.31-1ubuntu0.9+esm1"},{"binary_name":"libtomcat9-java","binary_version":"9.0.31-1ubuntu0.9+esm1"},{"binary_name":"tomcat9","binary_version":"9.0.31-1ubuntu0.9+esm1"},{"binary_name":"tomcat9-admin","binary_version":"9.0.31-1ubuntu0.9+esm1"},{"binary_name":"tomcat9-common","binary_version":"9.0.31-1ubuntu0.9+esm1"},{"binary_name":"tomcat9-docs","binary_version":"9.0.31-1ubuntu0.9+esm1"},{"binary_name":"tomcat9-examples","binary_version":"9.0.31-1ubuntu0.9+esm1"},{"binary_name":"tomcat9-user","binary_version":"9.0.31-1ubuntu0.9+esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","priority_reason":"exploit available"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-24813.json"}},{"package":{"name":"tomcat9","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/tomcat9@9.0.58-1ubuntu0.2+esm2?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.0.58-1ubuntu0.2+esm2"}]}],"versions":["9.0.43-3","9.0.54-1","9.0.55-1","9.0.58-1","9.0.58-1ubuntu0.1","9.0.58-1ubuntu0.1+esm1","9.0.58-1ubuntu0.1+esm2","9.0.58-1ubuntu0.1+esm3","9.0.58-1ubuntu0.1+esm4","9.0.58-1ubuntu0.2","9.0.58-1ubuntu0.2+esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"libtomcat9-embed-java","binary_version":"9.0.58-1ubuntu0.2+esm2"},{"binary_name":"libtomcat9-java","binary_version":"9.0.58-1ubuntu0.2+esm2"},{"binary_name":"tomcat9","binary_version":"9.0.58-1ubuntu0.2+esm2"},{"binary_name":"tomcat9-admin","binary_version":"9.0.58-1ubuntu0.2+esm2"},{"binary_name":"tomcat9-common","binary_version":"9.0.58-1ubuntu0.2+esm2"},{"binary_name":"tomcat9-docs","binary_version":"9.0.58-1ubuntu0.2+esm2"},{"binary_name":"tomcat9-examples","binary_version":"9.0.58-1ubuntu0.2+esm2"},{"binary_name":"tomcat9-user","binary_version":"9.0.58-1ubuntu0.2+esm2"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","priority_reason":"exploit available"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-24813.json"}},{"package":{"name":"tomcat10","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/tomcat10@10.1.16-1ubuntu0.1~esm1?arch=source&distro=esm-apps/noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"10.1.16-1ubuntu0.1~esm1"}]}],"versions":["10.1.10-1","10.1.14-1","10.1.15-1","10.1.16-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libtomcat10-embed-java","binary_version":"10.1.16-1ubuntu0.1~esm1"},{"binary_name":"libtomcat10-java","binary_version":"10.1.16-1ubuntu0.1~esm1"},{"binary_name":"tomcat10","binary_version":"10.1.16-1ubuntu0.1~esm1"},{"binary_name":"tomcat10-admin","binary_version":"10.1.16-1ubuntu0.1~esm1"},{"binary_name":"tomcat10-common","binary_version":"10.1.16-1ubuntu0.1~esm1"},{"binary_name":"tomcat10-docs","binary_version":"10.1.16-1ubuntu0.1~esm1"},{"binary_name":"tomcat10-examples","binary_version":"10.1.16-1ubuntu0.1~esm1"},{"binary_name":"tomcat10-user","binary_version":"10.1.16-1ubuntu0.1~esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","priority_reason":"exploit available"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-24813.json"}},{"package":{"name":"tomcat9","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/tomcat9@9.0.70-2ubuntu0.1+esm1?arch=source&distro=esm-apps/noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.0.70-2ubuntu0.1+esm1"}]}],"versions":["9.0.70-1ubuntu1","9.0.70-2","9.0.70-2ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_name":"libtomcat9-java","binary_version":"9.0.70-2ubuntu0.1+esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","priority_reason":"exploit available"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-24813.json"}},{"package":{"name":"tomcat9","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/tomcat9@9.0.70-2ubuntu2?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.0.70-2ubuntu2"}]}],"versions":["9.0.70-2ubuntu1.1"],"ecosystem_specific":{"binaries":[{"binary_name":"libtomcat9-java","binary_version":"9.0.70-2ubuntu2"}],"availability":"No subscription required","priority_reason":"exploit available"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-24813.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"high"}]}