Tag
tomcat
Safeguard articles tagged "tomcat" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Vulnerability Management
Apache Tomcat CVE-2025-24813: a deserialization deep dive
Tomcat's partial-PUT deserialization RCE turned a session persistence feature into a remote code execution path, and the pattern is one Java middleware keeps repeating.
May 13, 20267 min read
Vulnerability Analysis
CVE-2021-25329: Incomplete fix of Tomcat PersistenceManag...
CVE-2021-25329 shows how Tomcat's PersistenceManager deserialization fix (CVE-2020-9484) was incomplete, still risking RCE in edge-case configs.
Sep 23, 20258 min read