Funny Bug Bounty Reports #1

Posted Apr 28, 2025

By pizza power

1 min read

This is the first part in my new series “Funny Bug Bounty Reports”. These are not judged on their merits, technical abilities, or anything other than if they make me laugh. Today, I bring you the discovery of CVE-2025-24813 at HackerOne, which was an RCE in Apache Tomcat.

In particular the first sentence is lol. I will start declaring myself at the start of reports.

I am sw0rd1ight.I found an Apache Tomcat RCE vulnerability in tomcat 9.0.98.

But anyway, it is a cool bug - kudos to sw0rd1ight. I feel like they should have received a slighty higher payout, but I suppose it takes a bit of star alignment to actually exploit this.

Stay tuned for the next episode!

bug bounty, penetration testing

funnybbreports

This post is licensed under CC BY 4.0 by the author.

Trending Tags