## https://sploitus.com/exploit?id=CCB89B94-5660-5854-B815-E8DB10A85713
#!/usr/bin/env python3
CVE-2025-24813 Vulnerability Detection Tool
Note: ysoserial must be placed in the current directory.
Optional arguments:
  -h, --help    Show this help message and exit
  --host HOST   Target address (format: IP:port or domain name)
  --dir DIR     Session storage path (must match Tomcat configuration)
  --check       Only detect the Tomcat version
  -m {0,1,2}    Mode: 0=Deserialization check, 1=DNS verification, 2=MAC calculation
  -d D          DNSLog domain name (required when mode 1 is used)
[Vulnerability Metadata]
vulID : CVE-2025-24813
version : 1
author : black_guest
vulDate : Today
createDate : 2025-04-10
updateDate : 2025-04-10
references : https://forum.butian.net/article/674
name : Apache Tomcat Deserialization RCE (CVE-2025-24813) POC
appPowerLink : https://tomcat.apache.org
appName : Apache Tomcat
appVersion : 9.0.0.M1 <= version <= 9.0.98
             10.1.0-M1 <= version <= 10.1.34
             11.0.0-M1 <= version <= 11.0.2
vulType : Java Security