## https://sploitus.com/exploit?id=F22192BA-E40D-5C69-BD68-DC5ED5E0595C
# Testing any Tomcat version to see whether that version is vulnerable to CVE-2025-24813
This PoC lets you test any Tomcat version to verify whether it is vulnerable to CVE-2025-24813 under the vulnerable conditions, in Unix environments (tested on an `Ubuntu` machine).

**Note:** Tested using OpenJDK 11.

1. Set the `tomcat_version` variable in the `01-prepare-environment.sh` file to the Tomcat version you want to test:
   ```
   #!/bin/bash
   tomcat_version="10.1.20"
   ```
2. Prepare the environment: run the file `01-prepare-environment.sh`.
3. Test the PoC: run the file `02-test.sh`.

Please read https://digitaldefenders.substack.com/p/cve-2025-24813-one-guard-lies-one for a more detailed explanation of this vulnerability.