Truth in IT

Ivanti: .NET and Tomcat Vulnerabilities

Ivanti
07/03/2026

Transcript


We have a partnership with a vendor called TuxCare. TuxCare does an excellent job of keeping up on the Linux market. The Linux market, as many of you know, is a little bit more nebulous than the Windows or even the Apple platforms as far as how well things are documented and how they roll out. A lot of times, Linux takes a lot longer to distribute down through all the different distributions because we're dealing with open source. Some of these are more actively maintained than others. Some have a stronger security focus than others. That's where things get a little bit challenging at times. We have asked TuxCare to give us the, what should people be watching for at any given time and get a few key nuggets of here's the things that should be top of mind for you.

This month, the first one of these is more of an end-of-life awareness. Again, Linux platforms may have more chance of end-of-life components or older aging components in them than your other platforms depending on how maintained it is. In this case, the first one here, CVE-2025-24070 is a vulnerability in the .NET framework. That is on all platforms, Linux and Windows. The mitigation here, the thing to call out, and the concern from the Linux side is there's a lot more cases of older .NET versions out there. Your vulnerability scanners may or may not detect these vulnerabilities on the .NET 6 side, depending on if they're doing detection for things that are end-of-lifed. Microsoft did not document anything as end-of-life there because technically that .NET 6 is end-of-life, so they didn't really update anything new for it. But if you are still running .NET 6, this vulnerability is applicable in that case. .NET 7 is also exposed to this vulnerability, but it will not be patched in that version. No official patches for this vulnerability will occur for 6 or 7. You need to move forward to newer .NET versions to resolve this. More of an awareness, if you do have older .NET versions, they are now accumulating security risk, and you do want to look at how do you mitigate or remove those from your environment.

Next is CVE-2025-24813. This is a vulnerability in Tomcat running on any Linux distributions. It doesn't matter what distro you're on if you're running Tomcat on there, this is definitely a vulnerability you want to be concerned about. Score on this is a 9.8. Guidance here, they give the version information on what Tomcat versions you need to be up to to be resolved. You can see here the 11, 10, and 9 branches all have a version that will resolve this. But the vulnerability in this case is definitely a high score. Given how prevalent and well-known line of business apps are running Tomcat, this one could be fairly pervasive. Definitely a concern and one that threat actors will probably take a look at. That is our Linux lineup.

TL;DR

  • CVE-2025-24070 in .NET framework affects Linux and Windows, but .NET 6 and 7 will not receive patches—migration to newer versions is required to remediate.
  • CVE-2025-24813 is a critical 9.8-scored Tomcat vulnerability affecting all Linux distributions, with patches available for Tomcat 9, 10, and 11 branches.
  • Linux environments typically have more end-of-life and aging components than Windows or Apple platforms due to varied maintenance levels across distributions.

Summary

This segment from Ivanti's April 2025 Patch Tuesday webinar covers critical Linux security updates provided through their partnership with TuxCare. The presentation highlights two significant vulnerabilities requiring immediate attention. First, CVE-2025-24070 affects the .NET framework across both Linux and Windows platforms, with particular concern for Linux environments where older .NET versions (6 and 7) are more prevalent and will not receive official patches—requiring migration to newer versions. Second, CVE-2025-24813 is a critical 9.8-scored vulnerability in Apache Tomcat affecting all Linux distributions, with patches available for versions 9, 10, and 11. The speaker emphasizes that Linux environments often contain more end-of-life components than Windows or Apple platforms due to the open-source distribution model, making proactive vulnerability management essential. Organizations running Tomcat-based line-of-business applications should prioritize this update given the high likelihood of threat actor exploitation.

Chapters

0:00 - TuxCare Partnership Overview
0:53 - .NET Framework Vulnerability
2:31 - Tomcat Critical Vulnerability

Key Quotes

0:21 "A lot of times, Linux takes a lot longer to distribute down through all the different distributions because we're dealing with open source."
1:33 "Your vulnerability scanners may or may not detect these vulnerabilities on the .NET 6 side, depending on if they're doing detection for things that are end-of-lifed."
2:22 "If you do have older .NET versions, they are now accumulating security risk, and you do want to look at how do you mitigate or remove those from your environment."

FAQ

Why won't Microsoft patch .NET 6 and 7 for CVE-2025-24070?

Both .NET 6 and .NET 7 have reached end-of-life status, meaning Microsoft no longer provides security updates for these versions. Organizations must upgrade to currently supported .NET versions to receive vulnerability patches and maintain security coverage.
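
Because a scanner may not report end-of-life runtimes, an inventory check can flag them directly. The following is an added example, not part of the webinar or any Ivanti or TuxCare tooling: it parses the output of `dotnet --list-runtimes` and reports any runtime whose major version is 6 or 7. The sample listing, the function names and the `EOL_MAJORS` set are assumptions made for illustration.

```python
import re
import shutil
import subprocess

# Major versions the page names as end-of-life and unpatched for CVE-2025-24070.
EOL_MAJORS = {6, 7}

# Format of one `dotnet --list-runtimes` line:
#   Microsoft.NETCore.App 6.0.36 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
RUNTIME_RE = re.compile(r"^(\S+)\s+(\d+)\.(\d+)\.(\d+\S*)\s+\[(.+)\]\s*$")

# Constructed sample output (not taken from a real host).
SAMPLE = """\
Microsoft.AspNetCore.App 6.0.36 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 6.0.36 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 7.0.20 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 8.0.11 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 9.0.0-rc.2.24473.5 [/opt/dotnet/shared/Microsoft.NETCore.App]
"""


def parse_runtimes(text):
    """Return (name, version, major, path) for every well-formed line."""
    found = []
    for line in text.splitlines():
        m = RUNTIME_RE.match(line.strip())
        if m:
            name, major, minor, patch, path = m.groups()
            found.append((name, f"{major}.{minor}.{patch}", int(major), path))
    return found


def eol_runtimes(text, eol_majors=EOL_MAJORS):
    """Runtimes whose major version is in the end-of-life set."""
    return [r for r in parse_runtimes(text) if r[2] in eol_majors]


def local_listing():
    """Output of `dotnet --list-runtimes`, or "" if dotnet is not on PATH."""
    exe = shutil.which("dotnet")
    if exe is None:
        return ""
    return subprocess.run([exe, "--list-runtimes"], capture_output=True,
                          text=True, check=False).stdout


if __name__ == "__main__":
    listing = local_listing() or SAMPLE
    for name, version, _, path in eol_runtimes(listing):
        print(f"EOL runtime: {name} {version} at {path}")
```

This only sees shared runtimes registered with the `dotnet` host on the PATH; applications published as self-contained carry their own copy of the runtime and need a separate file-system check.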

