Tag Archives: Tomcat

About Remote Code Execution – Apache Tomcat (CVE-2025-24813) vulnerability

About Remote Code Execution – Apache Tomcat (CVE-2025-24813) vulnerability. Apache Tomcat is open-source software that provides a platform for Java web applications. The vulnerability allows a remote attacker to upload and execute arbitrary files on the server due to flaws in the handling of uploaded session files and in the deserialization mechanism.

🔻 The vendor’s bulletin was released on March 10. It notes that the two conditions required for exploitation (“writes enabled for the default servlet” and “file based session persistence with the default storage location”) are not met in default installations.

🔻 A vulnerability write-up based on patch analysis and a PoC exploit were published on March 11. Fully functional exploits have been available on GitHub since March 13.

🔻 Since March 17, there have been signs of exploitation in the wild. 👾 On April 1, the vulnerability was added to CISA KEV.

The vulnerability was fixed in versions 9.0.99, 10.1.35, and 11.0.3.
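As an added defender's check (not code from the original post or from the Tomcat project): a small Python script that parses a Tomcat conf/web.xml and a context.xml and reports whether the two preconditions named in the vendor bulletin are both present, so an administrator can prioritise the upgrade. The configuration strings are constructed for this example; the element names and the DefaultServlet `readonly` and FileStore `directory` settings are the standard Tomcat ones.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    """Strip an XML namespace, e.g. {https://jakarta.ee/xml/ns/jakartaee}servlet."""
    return tag.rsplit("}", 1)[-1]

def _child_text(elem, name):
    """Text of the first child with local name `name`, or ''."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""

def default_servlet_writable(web_xml):
    """True if the DefaultServlet has readonly=false (HTTP PUT/DELETE enabled).
    Tomcat's default is readonly=true, so a missing init-param counts as safe."""
    for servlet in ET.fromstring(web_xml).iter():
        if _local(servlet.tag) != "servlet":
            continue
        if not _child_text(servlet, "servlet-class").endswith(".DefaultServlet"):
            continue
        for param in servlet:
            if _local(param.tag) == "init-param" and _child_text(param, "param-name") == "readonly":
                return _child_text(param, "param-value").lower() == "false"
    return False

def file_store_default_dir(context_xml):
    """True if a PersistentManager FileStore has no explicit directory attribute,
    i.e. session files land in Tomcat's default work directory."""
    for store in ET.fromstring(context_xml).iter("Store"):
        if store.get("className", "").endswith(".FileStore") and not store.get("directory"):
            return True
    return False

def preconditions_met(web_xml, context_xml):
    """Both bulletin conditions hold, so upgrading to a fixed release is urgent."""
    return default_servlet_writable(web_xml) and file_store_default_dir(context_xml)

# Constructed samples (not real deployment files) exercising both conditions.
WRITABLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee">
  <servlet><servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet></web-app>"""
SAFE_WEB_XML = WRITABLE_WEB_XML.replace("<param-value>false", "<param-value>true")
DEFAULT_STORE_CONTEXT = """<Context>
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.FileStore"/></Manager></Context>"""
HARDENED_CONTEXT = DEFAULT_STORE_CONTEXT.replace('FileStore"', 'FileStore" directory="/srv/tomcat-sessions"')
```

A result of True from preconditions_met means the instance matches the non-default setup the bulletin describes; a False result is not a substitute for applying the fixed version.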

In Russian

March Linux Patch Wednesday

March Linux Patch Wednesday. Total vulnerabilities: 1083. 😱 879 in the Linux Kernel. 🤦‍♂️ Two vulnerabilities show signs of exploitation in the wild:

🔻 Code Injection – GLPI (CVE-2022-35914). An old vulnerability from CISA KEV, but first patched on March 3 in RedOS Linux.
🔻 Memory Corruption – Safari (CVE-2025-24201). Fixed in WebKitGTK packages in Linux repositories.

There are 19 vulnerabilities with publicly available exploits. Notable ones:

🔸 Remote Code Execution – Apache Tomcat (CVE-2025-24813)
🔸 Command Injection – SPIP (CVE-2024-8517)
🔸 Memory Corruption – Assimp (CVE-2025-2152)
🔸 Memory Corruption – libxml2 (CVE-2025-27113)

The Elevation of Privilege vulnerability in the Linux Kernel (CVE-2022-49264) has no public exploit yet. However, it resembles the well-known PwnKit (CVE-2021-4034).

🗒 Full Vulristics report

In Russian

Spring4Shell, Spring Cloud Function RCE and Spring Cloud Gateway Code Injection

Spring4Shell, Spring Cloud Function RCE and Spring Cloud Gateway Code Injection. Hello everyone! This episode will be about last week’s high-profile vulnerabilities in Spring. Let’s figure out what happened.

Alternative video link (for Russia): https://vk.com/video-149273431_456239078

Of course, it’s amazing how fragmented the software development world has become. There are now so many technologies, programming languages, libraries and frameworks that it becomes very difficult to keep them all in sight, especially if it’s not the stack you use every day. Entropy keeps growing every year. Programmers rely more and more on off-the-shelf libraries and frameworks, even where it may not be fully justified, and vulnerabilities in these off-the-shelf components lead to huge problems. That was the case with the very critical Log4Shell vulnerability, and it may be the case with the Spring vulnerabilities.

Spring is a set of products used for Java development. They are developed and maintained by VMware. The main one is the Spring Framework, but there are a lot of them, at least 21 on the website. Because Spring belongs to VMware, descriptions of the vulnerabilities are published on the VMware Tanzu website. VMware Tanzu is a suite of products that helps users run and manage multiple Kubernetes (K8S) clusters across public and private “clouds”. Spring is apparently also part of this suite, and therefore Spring vulnerabilities are published there. Let’s look at the 3 most serious vulnerabilities published in the last month.

Vulnerability Intelligence based on media hype. It works? Grafana LFI and Log4j “Log4Shell” RCE

Vulnerability Intelligence based on media hype. It works? Grafana LFI and Log4j “Log4Shell” RCE. Hello everyone! In this episode, I want to talk about vulnerabilities, news and hype. The easiest way to get timely information on the most important vulnerabilities is to just read the news regularly, right? Well, I will try to reflect on this using two examples from last week.

I have a security news Telegram channel https://t.me/avleonovnews that is automatically updated by a script using many RSS feeds. And the script even highlights the news associated with vulnerabilities, exploits and attacks.

And last Tuesday, 07.02, a very interesting vulnerability in Grafana was released.