Symptom
- Concerns raised over the potential vulnerability of the SAP SuccessFactors instance to CVE-2025-24813, a theoretical Remote Code Execution (RCE) vulnerability in Apache Tomcat.
- The vulnerability leverages improper handling of uploaded session files and deserialization mechanisms, potentially leading to unauthorized access and exposure of sensitive data.
- CVE-2025-24813 is a critical security issue in Apache Tomcat. It involves a path equivalence flaw where files with an internal dot (e.g. file.Name) can lead to remote code execution (RCE), information disclosure, or malicious content injection.
- This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.
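A version-range check for the three affected ranges listed above, as an added example that is not part of the SAP article. The host names and banner strings are constructed sample data; a version inside a range only means the build is one of the listed releases, not that the instance is exploitable.

```python
import re

# Affected ranges exactly as listed above (inclusive at both ends).
AFFECTED_RANGES = [
    ("11.0.0-M1", "11.0.2"),
    ("10.1.0-M1", "10.1.34"),
    ("9.0.0.M1", "9.0.98"),
]
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?")


def parse_version(text):
    """Return a sortable key for the first Tomcat version found in text."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no Tomcat version in {text!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    # Milestones (9.0.0.M1, 10.1.0-M1) sort before the plain release
    # with the same numbers: (0, n) for milestone n, (1, 0) for a release.
    tail = (0, int(m.group(4))) if m.group(4) else (1, 0)
    return (major, minor, patch) + tail


def is_affected(text):
    """True if the version in text falls inside one of the listed ranges."""
    key = parse_version(text)
    return any(parse_version(lo) <= key <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def triage(inventory):
    """Map each host to 'affected', 'not in range' or 'unparsed'."""
    result = {}
    for host, banner in inventory.items():
        try:
            result[host] = "affected" if is_affected(banner) else "not in range"
        except ValueError:
            result[host] = "unparsed"
    return result


# Constructed sample inventory (hypothetical hosts and version banners).
SAMPLE = {
    "app01": "Server version: Apache Tomcat/9.0.98",
    "app02": "Server version: Apache Tomcat/9.0.99",
    "app03": "Apache Tomcat/10.1.0-M1",
    "app04": "Apache Tomcat/11.0.3",
    "app05": "banner hidden",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

"not in range" means only that the version is outside the ranges this page lists; hosts reported as "unparsed" need a manual check.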
Environment
SAP SuccessFactors HCM
Keywords
CVE-2025-24813, Apache Tomcat, RCE, vulnerability, SAP SuccessFactors, security, unauthorized access, sensitive data exposure, deserialization mechanisms, session files, vulnerability, KBA, LOD-SF-PLT-PSI, Product Security Inquiries, Problem
About this page
This is a preview of a SAP Knowledge Base Article. The full version is available on SAP for Me (login required).