CVE-2025-24813
| CVE ID | CVE-2025-24813 |
|---|---|
| CVSS Score | 9.8 |
| Operating System | |
| Affected Versions | |
| Patched Versions | 8.5.108-OL |
| Patch Date | |
| Last Updated Date | |
| Vector String | |

Additional Information
OL CVE Issue Summary:
Resolved a critical path-equivalence vulnerability in the DefaultServlet that could allow remote code execution or unauthorized file modification through exploitation of partial PUT and session persistence. The fix prevents attackers from writing malicious content to server storage. It improves the lifecycle of the temporary files used by partial PUT and removes intermediate temporary file retention, mitigating the unsafe file handling that enabled the exploit.