Tomcat CVE-2025-24813: What You Need to Know
Apache Tomcat has a remote code execution vulnerability, CVE-2025-24813, but it is only exploitable under specific configurations. Most users are not affected, and a patch has been released. 2025-04-01 13:00:00 Author: bishopfox.com

Transcript Summary

John Williams, a security researcher at Bishop Fox, explains CVE-2025-24813, a remote code execution (RCE) vulnerability chain affecting Apache Tomcat. Despite widespread concern, most users are likely not affected. The exploit involves a two-step process requiring specific, non-default configurations: enabling file writing in the default servlet and supporting partial PUT requests, plus using file-based session storage without a custom location and having vulnerable Java libraries for deserialization-based RCE.
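The two configuration preconditions described above (writes enabled on the default servlet with partial PUT still allowed, and file-based session persistence without a custom location) are the first things a defender should check on a Tomcat host. The audit script below is an added example, not code from the Bishop Fox post or from the Tomcat project. It assumes the DefaultServlet init-params are named `readonly` and `allowPartialPut` (their documented names; both default to `true`, so writes are off by default) and that file-based sessions are configured through a `PersistentManager` with a `FileStore` in `context.xml`. The XML snippets embedded in it are constructed for the demonstration.

```python
"""Audit Tomcat config for the settings CVE-2025-24813 depends on.

Added example, not from the original post. Assumptions: DefaultServlet
init-params `readonly` (default true) and `allowPartialPut` (default true);
file-backed sessions via PersistentManager + FileStore in context.xml.
"""
import xml.etree.ElementTree as ET


def _local(tag: str) -> str:
    """Strip an XML namespace prefix such as {http://...}servlet."""
    return tag.rsplit("}", 1)[-1]


def default_servlet_params(web_xml: str) -> dict:
    """Return the init-param name->value map of the DefaultServlet entry."""
    root = ET.fromstring(web_xml)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        cls = next((c.text or "" for c in servlet if _local(c.tag) == "servlet-class"), "")
        if not cls.strip().endswith(".DefaultServlet"):
            continue
        params = {}
        for ip in servlet:
            if _local(ip.tag) != "init-param":
                continue
            name = value = None
            for child in ip:
                if _local(child.tag) == "param-name":
                    name = (child.text or "").strip()
                elif _local(child.tag) == "param-value":
                    value = (child.text or "").strip()
            if name:
                params[name] = value
        return params
    return {}


def filestore_without_directory(context_xml: str) -> bool:
    """True if a FileStore is configured with no explicit `directory`."""
    root = ET.fromstring(context_xml)
    for store in root.iter("Store"):
        if store.get("className", "").endswith(".FileStore") and not store.get("directory"):
            return True
    return False


def audit(web_xml: str, context_xml: str) -> list:
    """Return a list of findings; an empty list means the preconditions are absent."""
    params = default_servlet_params(web_xml)
    readonly = params.get("readonly", "true").lower() == "true"
    partial_put = params.get("allowPartialPut", "true").lower() == "true"
    findings = []
    if not readonly:
        findings.append("DefaultServlet readonly=false: PUT/DELETE writes are enabled")
    if not readonly and partial_put:
        findings.append("allowPartialPut is still enabled while writes are enabled")
    if filestore_without_directory(context_xml):
        findings.append("FileStore session persistence without a custom directory")
    return findings


# Constructed sample: the weak combination the post describes.
WEAK_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""
WEAK_CONTEXT_XML = """<Context>
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.FileStore"/>
  </Manager>
</Context>"""

# Constructed sample: the corrected form (writes disabled, custom session directory).
HARDENED_WEB_XML = WEAK_WEB_XML.replace("<param-value>false</param-value>",
                                        "<param-value>true</param-value>")
HARDENED_CONTEXT_XML = WEAK_CONTEXT_XML.replace(
    'FileStore"/>', 'FileStore" directory="/var/lib/tomcat/sessions"/>')

if __name__ == "__main__":
    for label, w, c in (("weak", WEAK_WEB_XML, WEAK_CONTEXT_XML),
                        ("hardened", HARDENED_WEB_XML, HARDENED_CONTEXT_XML)):
        print(label, audit(w, c) or ["no findings"])
```

Run it against a real install by reading `conf/web.xml` and the application's `META-INF/context.xml` (or `conf/context.xml`) into the two string arguments; a clean result on the first two findings means PUT writes are off, which removes the entry point of the chain regardless of session storage. Patching remains the fix; this only tells you whether the non-default combination is present.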

Key Points

  • Patches are available – update Tomcat immediately.
  • Most Tomcat instances are not vulnerable unless specific settings are misconfigured.
  • Reports of active exploitation may be exaggerated.
  • Exploitation requires rare configuration combinations.
  • No confirmed widespread exploitation yet.

Stay calm, patch your systems, and review configurations, but there's no need for panic.


Source: https://bishopfox.com/blog/tomcat-cve-2025-24813-what-you-need-to-know-blog