Conversation
Edited 24 days ago
This is the fix commit for CVE-2025-24813, looks pretty straightforward:

https://github.com/apache/tomcat/commit/0a668e0c27f2b7ca0cc7c6eea32253b9b5ecb29c

Given Tomcat's downstream supply chain I'd be surprised if this didn't end up in KEV...
1
0
3

@buherator hmm something something dir separator on windows

0
0
1