Bishop Fox | Tomcat CVE-2025-24813: What You Need to Know

Cosmos

Services

Resources

Customers

Partners

About Us

Get Started

We're Hiring!

Want to Work with the Best Minds in Offensive Security?

Be part of an elite team and work on projects that have a real impact.

Explore Openings

Company Overview

Get to know us. Learn about our roots and see why we're on a mission to improve security for all.

Join us at an upcoming event or peruse our speaking engagements, past and present.

Read the latest articles, announcements, and press releases from Bishop Fox.

Want to get in touch? We're ready to connect.

Career Opportunities

We're hiring! Explore our open positions and discover why the Fox Den is a great place to build your career.

Intern & Educational Programs

Starting your offensive security journey? Check out our internships and educational programs.

Bishop Fox Mexico

¡Celebramos! Bishop Fox is now in Mexico. Learn more about our expansion.

Tomcat CVE-2025-24813: What You Need to Know

A breakdown of CVE-2025-24813 in Apache Tomcat—what it is, who’s actually at risk, and why most users likely aren’t affected. Keep calm and patch your servers.

A lot of noise is swirling around this Apache Tomcat RCE chain—but should you be worried? Our security researcher Jon Williams breaks it down:

Patches are available—upgrade immediately if you can.
Most Tomcat instances aren’t vulnerable unless specific settings are misconfigured.
Reports of active exploitation may be exaggerated.

Extend Your Knowledge

Check out these related resources.

Vulnerability Intelligence: Decrypting SonicOSX: Tearing Down Walls purple background.

Feb 24, 2025

Tearing Down (Sonic)Walls: Decrypting SonicOSX Firmware

By Jon Williams

SonicWall CVE-2024-53704 title with vulnerability intelligence tag: SSL VPN Session Hijacking.

Feb 10, 2025

SonicWall CVE-2024-53704: SSL VPN Session Hijacking

By Jon Williams

Blog title and category: Vulnerability Intelligence Current State of SonicWall Exposure: Firmware Decryption Unlocks New Insights

Dec 13, 2024

Current State of SonicWall Exposure: Firmware Decryption Unlocks New Insights

By Bishop Fox

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.