
Transcript Summary
Jon Williams, a security researcher at Bishop Fox, explains CVE-2025-24813, a remote code execution (RCE) vulnerability chain affecting Apache Tomcat. Despite widespread concern, most users are likely not affected. The exploit is a two-step process that depends on specific, non-default configurations: the default servlet must have file writing enabled and must accept partial PUT requests, and the server must use file-based session storage in its default location while also shipping a vulnerable Java library that allows deserialization-based RCE.
Key Points
- Patches are available – update Tomcat immediately.
- Most Tomcat instances are not vulnerable unless specific settings are misconfigured.
- Reports of active exploitation may be exaggerated.
- Exploitation requires rare configuration combinations.
- No confirmed widespread exploitation yet.
Stay calm, patch your systems, and review configurations, but there's no need for panic.
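As an added example (not from Bishop Fox or the Tomcat project), the following script checks a web.xml and a context.xml for the configuration combination described above: a writable DefaultServlet that still accepts partial PUTs, plus a PersistentManager backed by a FileStore with no custom directory. The samples are constructed; the presence of a usable deserialization library cannot be read from these files and is not checked here.

```python
"""Audit Tomcat config files for the CVE-2025-24813 precondition combination."""
import xml.etree.ElementTree as ET

# Constructed sample web.xml: the default servlet has been made writable (readonly=false).
RISKY_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

# Constructed sample context.xml: file-based session persistence, no custom directory.
RISKY_CONTEXT_XML = """<Context>
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.FileStore"/>
  </Manager>
</Context>"""

def _local(tag):
    """Strip the XML namespace so web.xml can be matched regardless of schema URL."""
    return tag.rsplit('}', 1)[-1]

def default_servlet_params(web_xml):
    """Return the init-params declared on the DefaultServlet (empty dict if not overridden)."""
    for servlet in ET.fromstring(web_xml).iter():
        if _local(servlet.tag) != 'servlet':
            continue
        cls = ''.join((c.text or '') for c in servlet if _local(c.tag) == 'servlet-class').strip()
        if cls != 'org.apache.catalina.servlets.DefaultServlet':
            continue
        params = {}
        for p in (c for c in servlet if _local(c.tag) == 'init-param'):
            fields = {_local(c.tag): (c.text or '').strip() for c in p}
            if 'param-name' in fields:
                params[fields['param-name']] = fields.get('param-value', '').lower()
        return params
    return {}

def writable_partial_put(web_xml):
    """True if readonly=false and allowPartialPut was not disabled (Tomcat defaults: true/true)."""
    p = default_servlet_params(web_xml)
    return p.get('readonly') == 'false' and p.get('allowPartialPut', 'true') != 'false'

def default_file_store(context_xml):
    """True if sessions persist via FileStore without a custom 'directory' attribute."""
    for mgr in ET.fromstring(context_xml).iter('Manager'):
        if mgr.get('className') != 'org.apache.catalina.session.PersistentManager':
            continue
        for store in mgr.findall('Store'):
            if store.get('className') == 'org.apache.catalina.session.FileStore' and not store.get('directory'):
                return True
    return False

def exposed(web_xml, context_xml):
    """Both config-level preconditions present; the deserialization gadget is a separate check."""
    return writable_partial_put(web_xml) and default_file_store(context_xml)
```

Run it against the real `conf/web.xml` and `conf/context.xml` (or a webapp's own overrides) to confirm the defaults are still in place.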