CWE-44

Path Equivalence: 'file.name' (Internal Dot)

1 CVE, average CVSS 9.8 (MITRE)
Severity: 1 Critical, 0 High, 0 Medium, 0 Low
POC: 1, KEV: 1


CVE-2025-24813 CRITICAL POC KEV PATCH THREAT CERT-EU Emergency

A critical path equivalence vulnerability in Apache Tomcat's Default Servlet allows unauthenticated remote code execution through specially crafted PUT requests using internal dot notation in filenames. With EPSS of 94% and active exploitation in the wild, this represents one of the most dangerous Tomcat vulnerabilities in recent years, affecting versions 9.0.0-9.0.98, 10.1.0-10.1.34, and 11.0.0-11.0.2.

Tags: Apache, RCE, Information Disclosure, Redhat, Suse
References: NVD, GitHub, HeroDevs, Exploit-DB
CVSS 3.1: 9.8, EPSS: 94.2%, Threat: 7.8