
Transcript Summary
Jon Williams, a security researcher at Bishop Fox, explains CVE-2025-24813, a remote code execution (RCE) vulnerability chain affecting Apache Tomcat. Despite widespread concern, most users are likely not affected. The exploit involves a two-step process requiring specific, non-default configurations: enabling file writing in the default servlet and supporting partial PUT requests, plus using file-based session storage without a custom location and having vulnerable Java libraries for deserialization-based RCE.
Key Points
- Patches are available – update Tomcat immediately.
- Most Tomcat instances are not vulnerable unless specific settings are misconfigured.
- Reports of active exploitation may be exaggerated.
- Exploitation requires rare configuration combinations.
- No confirmed widespread exploitation yet.
Stay calm, patch your systems, and review configurations, but there's no need for panic.
Subscribe to our blog and advisories
Be first to learn about latest tools, advisories, and findings.
Thank You! You have been subscribed.