Security Advisory: Potential Tomcat RCE Vulnerability (CVE-2025-24813)

Last modified 18 Mar 2025 16:57 +01:00

Date: 18. 03. 2025

Severity: 6.3 (High)

Affected versions: All midPoint versions prior to 4.8.7, 4.9.2

Fixed in versions: 4.8.7, 4.9.2

Description

An attacker may exploit vulnerability CVE-2025-24813 if writes for the default servlet are enabled (this is disabled by default in midPoint).

An attacker may inject content into files uploaded through Tomcat (midPoint uses Wicket upload instead of Tomcat upload) and may attempt a deserialization attack using file-based session persistence.

Severity and Impact

This is a high-severity issue.

The attacker may be able to create or modify Tomcat uploads on midPoint servers when a custom Tomcat configuration is used.

Mitigation

Users of affected midPoint versions are advised to upgrade their deployments to the latest maintenance releases.

If that is not possible, verify that your Tomcat configuration override does not enable writes for the default servlet. Such an override is usually made by modifying application.yml.
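The check described above, as an added example that is not part of this advisory or of midPoint: it audits a Tomcat configuration override for the two conditions the advisory names (DefaultServlet with readonly=false, and FileStore session persistence). It assumes the override is expressed in Tomcat's own web.xml and context.xml formats rather than as application.yml keys, and the two samples are constructed.

```python
import xml.etree.ElementTree as ET

DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"
FILE_STORE = "org.apache.catalina.session.file.FileStore"
# Constructed samples (not from any midPoint deployment) showing both conditions.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""
SAMPLE_CONTEXT_XML = """<Context>
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.file.FileStore"/>
  </Manager>
</Context>"""

def _local(tag: str) -> str:
    """Strip an XML namespace so the checks work with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def default_servlet_writable(web_xml: str) -> bool:
    """True if Tomcat's DefaultServlet is configured with readonly=false.
    Tomcat's default is readonly=true, so a missing parameter counts as safe."""
    for servlet in ET.fromstring(web_xml).iter():
        if _local(servlet.tag) != "servlet":
            continue
        cls = [c for c in servlet if _local(c.tag) == "servlet-class"]
        if not cls or (cls[0].text or "").strip() != DEFAULT_SERVLET:
            continue
        for param in servlet:  # text-only children yield an empty mapping
            kv = {_local(c.tag): (c.text or "").strip().lower() for c in param}
            if kv.get("param-name") == "readonly" and kv.get("param-value") == "false":
                return True
    return False

def file_based_sessions(context_xml: str) -> bool:
    """True if a session Store of class FileStore is configured."""
    return any(_local(e.tag) == "Store" and e.get("className") == FILE_STORE
               for e in ET.fromstring(context_xml).iter())

def audit(web_xml: str, context_xml: str) -> list:
    """Findings to act on when upgrading midPoint is not immediately possible."""
    findings = []
    if default_servlet_writable(web_xml):
        findings.append("DefaultServlet readonly=false: set readonly to true")
    if file_based_sessions(context_xml):
        findings.append("FileStore session persistence: remove or replace it")
    return findings
```

Run `audit()` over your own override files; an empty list means neither precondition from the advisory is present.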
