The Apache Software Foundation has disclosed two security vulnerabilities in Apache Tomcat, rated Important and Low by the project, and has shipped fixed releases for every supported branch. The first is a regression in the Rewrite Valve that allows directory traversal past the security constraints for /WEB-INF/ and /META-INF/ and can lead to remote code execution where HTTP PUT is enabled; the second lets an attacker inject ANSI escape sequences into log messages and manipulate the console they are viewed on. #ApacheTomcat #CVE202555752 #CVE202555754
Keypoints
- CVE-2025-55752 and CVE-2025-55754 affect Apache Tomcat 11.0.0-M1 through 11.0.10, 10.1.0-M1 through 10.1.44, and 9.0.0.M11 through 9.0.108; older, end-of-life branches (8.5.x, 10.0.x) may also be affected.
- CVE-2025-55752 (Important) is a regression in the Rewrite Valve: the rewritten URL was normalized before it was decoded, so a percent-encoded traversal sequence survives normalization and only becomes ../ afterwards, bypassing Tomcat's security constraints for /WEB-INF/ and /META-INF/. If HTTP PUT requests are also enabled, an attacker can upload files into those locations, which can lead to remote code execution.
- CVE-2025-55754 (Low): Tomcat did not escape ANSI escape sequences in log messages, so a specially crafted URL could write such sequences into the console log and manipulate the terminal of whoever views it; Windows consoles, where escape sequences can also reach the clipboard, are the main concern.
- Upgrade to 11.0.11, 10.1.45, or 9.0.109; the same releases fix both issues. Leave HTTP PUT disabled unless it is genuinely required: the DefaultServlet's readonly parameter defaults to true, and the PUT-dependent remote-code-execution path in CVE-2025-55752 only applies where it has been set to false.
- Both vulnerabilities were publicly disclosed on October 27, 2025, with mitigation details published alongside the advisories.
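As an added illustration (not Apache Tomcat's code, and not an exploit for any specific deployment), the Python below models the ordering mistake behind CVE-2025-55752 and the two checks a practitioner would run from the list above. serve() pushes the same encoded request path through a decode-then-normalise pipeline and a normalise-then-decode one and shows which file each would hand out; put_enabled() parses a web.xml fragment for the DefaultServlet readonly=false setting that turns HTTP PUT on; is_patched() compares a version string against the fixed releases. DOCROOT, the request path, the web.xml fragments and the version strings are constructed for the example, and the constraint check is a deliberately simplified model of a container's, not Tomcat's implementation.

```python
import posixpath
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote

# Constructed document root and protected prefixes for this illustration.
DOCROOT = "/var/lib/tomcat/webapps/ROOT"
PROTECTED = ("/WEB-INF/", "/META-INF/")


def normalize(path: str) -> str:
    """Collapse '.' and '..' segments, as a container does before matching
    security constraints. A percent-encoded segment such as '%2e%2e' is
    opaque to this step, which is the whole problem."""
    return posixpath.normpath(path)


def serve(raw_path: str, decode_first: bool):
    """Model of the two orderings. Returns (status, resolved_file_or_None).

    decode_first=True  : decode, normalise, then check constraints.
    decode_first=False : normalise, check constraints, then decode
                         (the shape of the CVE-2025-55752 regression)."""
    path = normalize(unquote(raw_path)) if decode_first else normalize(raw_path)

    # Simplified security-constraint check on the path the container believes it has.
    if path.upper().startswith(PROTECTED):
        return 403, None

    if not decode_first:
        path = unquote(path)  # late decode reintroduces the '..' segment

    resolved = posixpath.normpath(posixpath.join(DOCROOT, path.lstrip("/")))
    return 200, resolved


def _local(tag: str) -> str:
    """Strip the XML namespace from an ElementTree tag."""
    return tag.rsplit("}", 1)[-1]


def put_enabled(web_xml: str) -> bool:
    """True if the DefaultServlet is configured with readonly=false, the
    setting that makes HTTP PUT (and DELETE) possible. readonly defaults to true."""
    root = ET.fromstring(web_xml)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        cls = next((c.text or "" for c in servlet if _local(c.tag) == "servlet-class"), "")
        if cls.strip() != "org.apache.catalina.servlets.DefaultServlet":
            continue
        for param in servlet:
            if _local(param.tag) != "init-param":
                continue
            kv = {_local(c.tag): (c.text or "").strip() for c in param}
            if kv.get("param-name") == "readonly":
                return kv.get("param-value", "").lower() == "false"
    return False


# First fixed patch level per supported branch, from the advisory.
FIXED_PATCH_LEVEL = {(11, 0): 11, (10, 1): 45, (9, 0): 109}


def is_patched(version: str):
    """True/False for a supported branch, None for a branch the advisory does
    not cover (for example the end-of-life 8.5.x and 10.0.x lines). Milestone
    strings such as '11.0.0-M5' compare by their numeric prefix."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    fixed = FIXED_PATCH_LEVEL.get((major, minor))
    if fixed is None:
        return None
    return patch >= fixed


# Constructed web.xml fragments: the weak setting and the default.
WEB_XML_PUT = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
</web-app>
"""
WEB_XML_DEFAULT = WEB_XML_PUT.replace("<param-value>false</param-value>",
                                      "<param-value>true</param-value>")

if __name__ == "__main__":
    evil = "/static/%2e%2e/WEB-INF/web.xml"  # constructed traversal request
    print("decode first   :", serve(evil, decode_first=True))
    print("normalise first:", serve(evil, decode_first=False))
    print("PUT enabled?   :", put_enabled(WEB_XML_PUT), put_enabled(WEB_XML_DEFAULT))
    for v in ("9.0.108", "9.0.109", "10.1.45", "11.0.0-M5", "8.5.100"):
        print(v, "patched:", is_patched(v))
```

The point of the two serve() runs is that the decoded path ends up under WEB-INF in both cases; only the ordering decides whether the constraint check ever sees it. Docroot containment does not help here, because /WEB-INF/ is inside the docroot by design, which is why Tomcat protects it with a constraint rather than a path-escape check.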
Read More: https://thecyberexpress.com/apache-tomcat-cve-2025-55752/