Improper Control Sequence Neutralization in Apache Tomcat by Apache Software Foundation
CVE-2025-55754
What is CVE-2025-55754?
A vulnerability exists in Apache Tomcat in how ANSI escape sequences in log messages are handled: they are not neutralized before being written. When Tomcat runs on a Windows console that supports these sequences, an attacker can trigger the issue by crafting a specific URL; if the resulting log output is accessed by an administrator, the embedded sequences could manipulate the console or clipboard. Although no direct attack vector has been confirmed, the potential for exploitation remains, particularly on other operating systems. To mitigate this risk, users should upgrade to the latest versions of Apache Tomcat.
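The defensive pattern the description implies is to neutralize control characters before a message reaches a log file or console, and to flag log lines that already carry them. The following is an added example written for this page, not Tomcat's own code or its fix; the regular expressions, function names and the sample access-log lines (marked constructed) are all assumptions made for illustration.

```python
"""Added example: neutralize ANSI/control sequences in log messages and
detect lines that contain them. Not Apache Tomcat code."""
import re

# ESC-introduced sequences as a console would interpret them (assumed grammar):
#   CSI: ESC [ parameter bytes, intermediate bytes, one final byte   (e.g. clear screen)
#   OSC: ESC ] ... terminated by BEL or ESC \                          (e.g. clipboard access)
#   Fe : any other two-byte ESC sequence
ANSI_SEQUENCE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"
    r"|\x1b[@-Z\\-_]"
)

# Every C0 control character, DEL and the C1 range. Newlines and tabs are
# included on purpose: a literal newline inside a message is log injection.
CONTROL_CHAR = re.compile(r"[\x00-\x1f\x7f-\x9f]")


def neutralize(message: str) -> str:
    """Return the message with every control character rendered as \\uXXXX.

    Once ESC itself is replaced by printable text, no escape sequence can
    survive, so a single pass over individual characters is sufficient.
    """
    return CONTROL_CHAR.sub(lambda m: f"\\u{ord(m.group(0)):04x}", message)


def find_control_sequences(line: str) -> list[str]:
    """Return the raw ESC-introduced sequences found in one log line."""
    return [m.group(0) for m in ANSI_SEQUENCE.finditer(line)]


def scan_log(lines: list[str]) -> list[tuple[int, list[str]]]:
    """Return (index, sequences) for each line that carries an escape sequence.

    Suitable as a detection check over an existing access log written by a
    version that did not neutralize these sequences.
    """
    hits = []
    for index, line in enumerate(lines):
        found = find_control_sequences(line)
        if found:
            hits.append((index, found))
    return hits


# Constructed sample access-log lines (not real traffic). The second and third
# carry a request URI with raw escape sequences: a clear-screen/cursor-home CSI
# pair and an OSC sequence of the kind used for clipboard access.
SAMPLE_LOG_LINES = [
    '127.0.0.1 - - [01/Jan/2025:00:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '127.0.0.1 - - [01/Jan/2025:00:00:01 +0000] "GET /\x1b[2J\x1b[H HTTP/1.1" 404 0',
    '127.0.0.1 - - [01/Jan/2025:00:00:02 +0000] "GET /\x1b]52;c;PLACEHOLDER\x07 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for index, found in scan_log(SAMPLE_LOG_LINES):
        print(f"line {index}: {len(found)} escape sequence(s): {[neutralize(s) for s in found]}")
    for line in SAMPLE_LOG_LINES:
        print(neutralize(line))
```

The neutralized form is meant for display and grep-ability, not for round-tripping: a message that already contained a literal backslash would be ambiguous after escaping, so a logger that needs reversibility should escape the backslash as well.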
Affected Version(s)
- Apache Tomcat 11.0.0-M1 through 11.0.10
- Apache Tomcat 10.1.0-M1 through 10.1.44
- Apache Tomcat 9.0.40 through 9.0.108
News Articles
Apache Tomcat Vulnerability: Update Now to Avoid Security Risks
Critical vulnerabilities have been discovered in Apache Tomcat; urgent updates are needed to prevent cyberattacks and protect web applications.
2 days ago
Apache Tomcat Security Vulnerabilities Expose Servers to Remote Code Execution Attacks
The Apache Software Foundation has highlighted critical flaws in Apache Tomcat, a widely used open-source Java servlet container that powers numerous web applications.
2 days ago
References
CVSS V3.1
Timeline
- First article discovered by CyberSecurityNews
- Vulnerability published
- Vulnerability reserved