Conversation

Notices

1. Embed this notice
   CISA KEV Tracker (cisakevtracker@mastodon.social)'s status on Wednesday, 02-Apr-2025 04:06:35 JST CISA KEV Tracker

   CVE ID: CVE-2025-24813
   Vendor: Apache
   Product: Tomcat
   Date Added: 2025-04-01
   Vulnerability: Apache Tomcat Path Equivalence Vulnerability
   Notes: https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq ; https://nvd.nist.gov/vuln/detail/CVE-2025-24813
   CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2025-24813

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 02-Apr-2025 04:06:34 JST Kevin Beaumont

     in reply to

     • buherator

     @cisakevtracker @buherator you called it

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 02-Apr-2025 04:17:55 JST Kevin Beaumont

     in reply to

     • buherator
     • cR0w :cascadia:

     @cR0w @buherator @cisakevtracker yeah, I’ve yet to find anything vuln tbh. I tested all the potentially impacted GitHub repos and none were actually vuln.

   • Embed this notice
     cR0w :cascadia: (cr0w@infosec.exchange)'s status on Wednesday, 02-Apr-2025 04:17:56 JST cR0w :cascadia:

     in reply to

     • Kevin Beaumont
     • buherator

     @buherator @GossiTheDog @cisakevtracker CISA has been skeptical about this one too, from what I've heard, and has wanted to confirm that any exploitation was both successful and specifically this vulnerability.

   • Embed this notice
     buherator (buherator@infosec.place)'s status on Wednesday, 02-Apr-2025 04:17:57 JST buherator

     in reply to

     • Kevin Beaumont
     @GossiTheDog @cisakevtracker Thanks for the heads up! I'm quite skeptical though given the previous FUD reports, can't wait to see more info about any observed attacks!