Conversation
buherator
buherator
Edited 1 month ago
This "analysis" by Wallarm - claiming active exploitation of CVE-2025-24813 Tomcat RCE - is wrong in multiple ways (maybe LLM slop?):
https://web.archive.org/web/20250314071219/https://lab.wallarm.com/one-put-request-to-own-tomcat-cve-2025-24813-rce-is-in-the-wild/
There is a PoC on GitHub too now - it improves my findings by directly invoking the session corresponding to the saved object so you don't have to wait for periodic refreshes:
https://github.com/iSee857/CVE-2025-24813-PoC/
This PoC will raise the EPSS score too.
Edit: Wallarm published an update showing that exploit traffic was detected before a PoC was public. Problem is my writeup&PoC was published well before their detection :P
https://web.archive.org/web/20250314071219/https://lab.wallarm.com/one-put-request-to-own-tomcat-cve-2025-24813-rce-is-in-the-wild/
There is a PoC on GitHub too now - it improves my findings by directly invoking the session corresponding to the saved object so you don't have to wait for periodic refreshes:
https://github.com/iSee857/CVE-2025-24813-PoC/
This PoC will raise the EPSS score too.
Edit: Wallarm published an update showing that exploit traffic was detected before a PoC was public. Problem is my writeup&PoC was published well before their detection :P
0
3
9