Apache Tomcat Use of Incorrectly-Resolved Name or Reference Vulnerability - CVE-2025-24813
Path Equivalence: 39file.Name39 (Internal Dot) leading toRemote Code Execution and/or Information disclosureand/or malicious content added to uploaded files via write enabledDefault Servletin Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2 from 10.1.0-M1 through 10.1.34 from 9.0.0.M1 through 9.0.98. If all of the following were true a malicious user was able to view security sensitive files and/or inject content into those files: -writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - a target URL for security sensitive uploads that was a sub-directory ofa target URL for public uploads -attacker knowledge of the names of security sensitive files beinguploaded -the security sensitive files also being uploaded via partial PUT If all of the following were true a malicious user was able to perform remote code execution: - writes enabled for the default servlet (disabled by default) -support for partial PUT (enabled by default) -application was using Tomcat39s file based session persistence with thedefault storage location -application included a library that may be leveraged in adeserialization attack Users are recommended to upgrade to version 11.0.3 10.1.35 or 9.0.99 which fixes the issue.