NetApp Knowledge Base

Detection of CVE-2025-24813 on NetApp console agent's container

Applies to

  • NetApp Console Agent
  • CVE-2025-24813
  • Container cloudmanager_vmservice_controlplane (version v5.0.0-R5.0.0-SaaS-52)

Issue

  • A vulnerability scanner detected a Remote Code Execution (RCE) vulnerability (CVE-2025-24813) on the NetApp Console Agent. The component identified is tomcat-embed-core-10.1.34.jar, located at /opt/netapp/controlplane/croproxy-0.0.1-SNAPSHOT.jar/BOOT-INF/lib/tomcat-embed-core-10.1.34.jar within the container cloudmanager_vmservice_controlplane (version v5.0.0-R5.0.0-SaaS-52).
  • Vulnerability description:

    The vulnerability in Apache Tomcat, identified as CVE-2025-24813, allows remote code execution (RCE) via a simple PUT request, enabling attackers to gain control over servers. The flaw is due to Tomcat's handling of partial PUT requests and file-based session storage, allowing an attacker to upload a malicious Java payload that is later executed when accessed via a GET request. The exploit bypasses traditional security tools by using base64 encoding to obfuscate the payload.

    • Name: cloudmanager_vmservice_controlplane:v5.0.0-R5.0.0-SaaS-52
    • Type: Container

    CVSS score: 10.0

    CVSS severity: CRITICAL

    First seen date: 2026-05-13

    Fix available: yes

    Packages:

    Package name: tomcat-embed-core-10.1.34.jar (10.1.34): org.apache.tomcat.embed:tomcat-embed-core

    Installed version: 10.1.34

    Patched version: tomcat-embed-core-10.1.34.jar (10.1.34): org.apache.tomcat.embed:tomcat-embed-core

    Non OS package paths: /opt/netapp/controlplane/croproxy-0.0.1-SNAPSHOT.jar/BOOT-INF/lib/tomcat-embed-core-10.1.34.jar

Cause

The vulnerability scanner detects the presence of the affected Tomcat JAR file on the container and flags CVE-2025-24813.
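
The presence-based check described above can be reproduced with a short inventory script that looks inside a Spring Boot fat JAR for the nested Tomcat library. This is an added example, not NetApp's or the scanner vendor's code; the function names, the `flagged_versions` parameter and the in-memory sample archive are assumptions, and the only version used is the 10.1.34 from the finding.

```python
import io
import re
import zipfile

# Nested library entry inside a Spring Boot fat JAR, as in the finding's path.
LIB_RE = re.compile(r"^BOOT-INF/lib/tomcat-embed-core-(.+)\.jar$")


def manifest_version(nested_bytes):
    """Return Implementation-Version from a nested JAR's manifest, or None."""
    try:
        with zipfile.ZipFile(io.BytesIO(nested_bytes)) as nested:
            text = nested.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError):
        return None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "implementation-version":
            return value.strip()
    return None


def find_embedded_tomcat(fat_jar, flagged_versions):
    """List tomcat-embed-core JARs in a fat JAR; mark versions the scanner flags.

    Assumption: the manifest version is preferred, the file-name version is the fallback.
    """
    findings = []
    with zipfile.ZipFile(fat_jar) as outer:
        for name in outer.namelist():
            m = LIB_RE.match(name)
            if not m:
                continue
            version = manifest_version(outer.read(name)) or m.group(1)
            findings.append({"entry": name, "version": version,
                             "flagged": version in flagged_versions})
    return findings


def build_sample_fat_jar():
    """Constructed sample input: a minimal fat JAR with one nested library."""
    nested = io.BytesIO()
    with zipfile.ZipFile(nested, "w") as z:
        z.writestr("META-INF/MANIFEST.MF",
                   "Manifest-Version: 1.0\nImplementation-Version: 10.1.34\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("BOOT-INF/lib/tomcat-embed-core-10.1.34.jar", nested.getvalue())
    return outer

if __name__ == "__main__":
    print(find_embedded_tomcat(build_sample_fat_jar(), {"10.1.34"}))
```

A match from this kind of check shows only that the library is packaged in the application; it says nothing about whether the conditions for exploitation are present.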

Solution

No action is needed. The container cloudmanager_vmservice_controlplane is unaffected by CVE-2025-24813.

  • The vulnerability is a false positive as it is not exploitable.
  • Removal of the Tomcat JAR is not advisable as it is a required runtime dependency for the Console Agent’s Spring Boot application.
