You are currently viewing Patch Now! Apache Tomcat Vulnerabilities Expose Servers to RCE Risk

Patch Now! Apache Tomcat Vulnerabilities Expose Servers to RCE Risk

  • Post author:
  • Reading time:3 mins read

The Apache Software Foundation recently addressed two security vulnerabilities affecting multiple versions of Apache Tomcat, a widely-used open-source Java servlet container. These vulnerabilities, identified as CVE-2025-55752 and CVE-2025-55754, impact versions 9, 10, and 11 of Apache Tomcat and highlight the need for administrators to promptly apply the necessary upgrades. One of these flaws presents a serious risk of remote code execution (RCE) on vulnerable servers, while the other allows for console manipulation.

Root Cause

The vulnerabilities arise from:

  • CVE-2025-55752: A regression in URL rewriting rules that permits the manipulation of query parameters, bypassing security measures intended to protect sensitive directories. This flaw was introduced during the fix for bug 60013. If PUT requests are enabled, attackers could exploit the directory traversal to upload malicious files, leading to remote code execution (RCE).
  • CVE-2025-55754: Improper neutralization of ANSI escape sequences in Tomcat’s log messages. This can allow attackers to inject malicious escape sequences into log outputs to manipulate the console display and clipboard contents, potentially tricking system administrators into executing attacker-controlled commands, especially on Windows systems.

Affected Products

The vulnerabilities affect the following Apache Tomcat versions:

  • Apache Tomcat 11.0.0-M1 to 11.0.10
  • Apache Tomcat 10.1.0-M1 to 10.1.44
  • Apache Tomcat 9.0.0.M11 to 9.0.108
  • Apache Tomcat 8.5.60 to 8.5.100 (and other older EOL versions)

Tactics, Techniques, and Procedures (TTPs)

Attackers can exploit these vulnerabilities using the following MITRE ATT&CK tactics and techniques:

  • TA0006 – Execution: Attackers can achieve code execution by exploiting the directory traversal vulnerability to upload malicious files.
  • TA0004 – Privilege Escalation: By exploiting the directory traversal, attackers can gain elevated privileges on the system.
  • TA0005 – Defense Evasion: Attackers can use escape sequences to manipulate console displays and evade detection.
  • T1203 – Exploitation for Client Execution: Attackers exploit vulnerabilities to execute malicious code on the client-side.
  • T1068 – Exploitation for Privilege Escalation: Attackers leverage vulnerabilities to escalate their privileges within the system.
  • T1197 – BITS Jobs: Attackers might use Background Intelligent Transfer Service (BITS) to maintain persistence or transfer files.

Mitigation & Recommendations

To mitigate these vulnerabilities, it is highly recommended to:

  • Upgrade to Apache Tomcat version 11.0.11, 10.1.45, or 9.0.109.
  • Audit configurations to ensure that PUT requests are restricted, especially in conjunction with URL rewriting, to prevent potential RCE.
  • Regularly monitor Apache Tomcat logs for suspicious activities and unusual patterns that may indicate an attempted exploit.

Instantly Fix Risks with Saner Patch Management

Saner patch management is a continuous, automated, and integrated software that instantly fixes risks exploited in the wild. The software supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.

It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. Saner patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.

Experience the fastest and most accurate patching software here.