Detection of CVE-2025-24813 on the NetApp Console Agent's container
Applies to
- NetApp Console Agent
- CVE-2025-24813
- Container cloudmanager_vmservice_controlplane (version v5.0.0-R5.0.0-SaaS-52)
Issue
- A vulnerability scanner detected a Remote Code Execution (RCE) vulnerability (CVE-2025-24813) on the NetApp Console Agent. The specific component identified is tomcat-embed-core-10.1.34.jar, located at /opt/netapp/controlplane/croproxy-0.0.1-SNAPSHOT.jar/BOOT-INF/lib/tomcat-embed-core-10.1.34.jar within a container named cloudmanager_vmservice_controlplane (version v5.0.0-R5.0.0-SaaS-52).
- Vulnerability description:
The vulnerability in Apache Tomcat, identified as CVE-2025-24813, allows remote code execution (RCE) via a simple PUT request, enabling attackers to gain control over servers. The flaw is due to Tomcat's handling of partial PUT requests and file-based session storage, allowing an attacker to upload a malicious Java payload that is later executed when accessed via a GET request. The exploit bypasses traditional security tools by using base64 encoding to obfuscate the payload.
- Name: cloudmanager_vmservice_controlplane:v5.0.0-R5.0.0-SaaS-52
- Type: Container
CVSS score: 10.0
CVSS severity: CRITICAL
First seen date: 2026-05-13
Fix available: yes
Packages:
| Package name | Installed version | Patched version | Non OS package paths |
| --- | --- | --- | --- |
| tomcat-embed-core-10.1.34.jar (10.1.34): org.apache.tomcat.embed:tomcat-embed-core | 10.1.34 | tomcat-embed-core-10.1.34.jar (10.1.34): org.apache.tomcat.embed:tomcat-embed-core | /opt/netapp/controlplane/croproxy-0.0.1-SNAPSHOT.jar/BOOT-INF/lib/tomcat-embed-core-10.1.34.jar |
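The path the scanner reports points inside an archive: BOOT-INF/lib/ is the library directory of a Spring Boot executable jar, so the Tomcat jar is an entry within croproxy-0.0.1-SNAPSHOT.jar rather than a file on disk. The following added example (not NetApp's or the scanner vendor's code) splits such a path and confirms the embedded version from the archive itself; the function names and the in-memory sample jar are constructed for illustration.

```python
import io
import re
import zipfile

JAR_RE = re.compile(r"(?:^|/)tomcat-embed-core-(?P<ver>[^/]+)\.jar$")

def split_scanner_path(path):
    """Split '<outer>.jar/<entry>' into (outer archive path, entry inside it)."""
    outer, sep, inner = path.partition(".jar/")
    if not sep:
        raise ValueError("no nested archive entry in: " + path)
    return outer + ".jar", inner

def manifest_version(jar_bytes):
    """Implementation-Version from a jar's manifest, or None if unavailable."""
    try:
        with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
            text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError):
        return None
    m = re.search(r"^Implementation-Version:\s*(\S+)", text, re.MULTILINE)
    return m.group(1) if m else None

def embedded_tomcat(fat_jar):
    """(entry, version from file name, version from manifest) per embedded core jar."""
    with zipfile.ZipFile(fat_jar) as outer:
        return [(n, JAR_RE.search(n).group("ver"), manifest_version(outer.read(n)))
                for n in outer.namelist() if JAR_RE.search(n)]

def finding_confirmed(fat_jar, scanner_path, reported_version):
    """True if the entry the scanner named exists and carries the reported version."""
    _, inner = split_scanner_path(scanner_path)
    return any(entry == inner and reported_version in (name_ver, mf_ver)
               for entry, name_ver, mf_ver in embedded_tomcat(fat_jar))

def build_sample_fat_jar(version):
    """Constructed stand-in for the Spring Boot jar (not the NetApp artifact)."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("META-INF/MANIFEST.MF",
                   "Manifest-Version: 1.0\nImplementation-Version: %s\n" % version)
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("BOOT-INF/lib/tomcat-embed-core-%s.jar" % version, inner.getvalue())
    outer.seek(0)
    return outer

if __name__ == "__main__":
    path = ("/opt/netapp/controlplane/croproxy-0.0.1-SNAPSHOT.jar"
            "/BOOT-INF/lib/tomcat-embed-core-10.1.34.jar")
    print(split_scanner_path(path))
    print(finding_confirmed(build_sample_fat_jar("10.1.34"), path, "10.1.34"))
```

Against a real image, pass the outer path returned by split_scanner_path (copied out of the container) as fat_jar; a False result after an agent upgrade means the entry the scanner named is no longer present at that version.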
