Summary: Security Advisory: Apache Tomcat's latest security updates address two issues in a widely deployed server component. One is a path traversal flaw in which URL normalization happens in the wrong order relative to decoding, so a crafted URL can reach the restricted /WEB-INF/ and /META-INF/ directories; the other is inadequate neutralization of ANSI escape sequences in log messages, so a crafted URL can inject control sequences into the console where logs are viewed.
| OEM | Apache Software Foundation |
| Severity | Critical |
| CVSS Score | 9.6 |
| CVEs | CVE-2025-55754, CVE-2025-55752 |
| POC Available | No |
| Actively Exploited | No |
| Advisory Version | 1.0 |
Overview
The first issue (CVE-2025-55752) lets attackers bypass the URL-based protection of /WEB-INF/ and /META-INF/ and, where HTTP PUT has been enabled, upload files into those directories, which can lead to remote code execution. The second issue (CVE-2025-55754) lets crafted request URLs place ANSI escape sequences in Tomcat log messages; when those logs are viewed on an ANSI-capable console, notably on Windows, the sequences can manipulate the console display and clipboard.
Organizations should promptly update their servers, review configuration settings (in particular whether PUT is enabled and which rewrite rules are in use) and enhance monitoring to mitigate these risks.
| Vulnerability Name | CVE ID | Product Affected | Severity | Affected Version |
| Improper Neutralization of Escape, Meta, or Control Sequences Vulnerability | CVE-2025-55754 | Apache Tomcat | Critical | 11.0.0-M1 through 11.0.10, 10.1.0-M1 through 10.1.44, 9.0.40 through 9.0.108 |
| Path Traversal Vulnerability | CVE-2025-55752 | Apache Tomcat | High | 11.0.0-M1 through 11.0.10, 10.1.0-M1 through 10.1.44, 9.0.0.M11 through 9.0.108 |
Technical Summary
These flaws enable malicious file uploads into protected web-application directories and the injection of control sequences that affect console behavior or log integrity.
Together they increase the risk of unauthorized code execution and compromise of the application environment.
| CVE ID | Component Affected | Vulnerability Details | Impact |
| CVE-2025-55752 | URL Rewrite Handler (Apache Tomcat Core) | A directory traversal flaw resulting from improper URL normalization and decoding order, allowing attackers to bypass /WEB-INF/ and /META-INF/ protections. If PUT requests are enabled, malicious actors can upload files to sensitive directories, potentially executing arbitrary code. | Remote code execution, full server compromise if Tomcat is misconfigured with PUT enabled. |
| CVE-2025-55754 | Logging/Console Output | Improper neutralization of ANSI escape sequences in Tomcat log messages allows crafted URLs to inject control sequences. On Windows systems with ANSI-capable consoles, attackers can manipulate the console display and clipboard or potentially induce command execution via social engineering. | Console manipulation, potential administrator trickery, clipboard hijacking; less severe but can be chained for larger attacks. |
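The table above describes the request shapes behind CVE-2025-55752: percent-encoded dot segments that, once decoded and normalized, land in /WEB-INF/ or /META-INF/, and PUT requests that turn such a traversal into a file write. The following Python script is an added example, not code from the advisory or from the Tomcat project. It parses Tomcat access-log lines in the AccessLogValve "common" pattern (%h %l %u %t "%r" %s %b), decodes each request target until the decoding is stable (so %25-style double encoding is also caught), normalizes dot segments, and flags hits. The log lines, hosts (documentation IP ranges) and paths are constructed for the example. Because an access log records the original request URI, this triage sees what Tomcat saw; it does not model the rewrite-rule ordering bug itself, which only applies where RewriteValve rules rewrite the URL.

```python
"""Triage Tomcat access-log lines for the request shapes behind CVE-2025-55752:
percent-encoded traversal that resolves into /WEB-INF/ or /META-INF/, and
PUT/DELETE requests that would turn such a traversal into a file write.
Added example with constructed log lines; not code from the advisory or from Tomcat."""
import posixpath
import re
from urllib.parse import unquote

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\S+)$'
)
PROTECTED = {"WEB-INF", "META-INF"}

# Constructed sample lines (documentation IP ranges); the second one is double-encoded.
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Oct/2025:10:15:01 +0000] "GET /app/..%2fWEB-INF/web.xml HTTP/1.1" 200 1523',
    '203.0.113.5 - - [28/Oct/2025:10:15:02 +0000] "PUT /app/..%252fWEB-INF/x.jsp HTTP/1.1" 201 0',
    '198.51.100.9 - - [28/Oct/2025:10:15:03 +0000] "GET /app/index.jsp HTTP/1.1" 200 4211',
    '198.51.100.9 - - [28/Oct/2025:10:15:04 +0000] "GET /app/images/web-inf.png HTTP/1.1" 200 90',
]


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not match the pattern."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def effective_path(target, max_rounds=3):
    """Percent-decode until stable (catches %25-style double encoding), then normalise
    dot segments the way a servlet container resolves them.
    Returns (normalised_path, number_of_decode_rounds_that_changed_the_input)."""
    path = target.split("?", 1)[0]
    rounds = 0
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
        rounds += 1
    path = path.replace("\\", "/")  # treat backslash as a separator too
    return posixpath.normpath(path), rounds


def targets_protected_dir(norm_path):
    """True when any path segment is exactly WEB-INF or META-INF (case-insensitive)."""
    return any(seg.upper() in PROTECTED for seg in norm_path.split("/"))


def triage(line):
    """Classify one line; findings is empty for benign requests."""
    rec = parse_line(line)
    if rec is None:
        return None
    norm, rounds = effective_path(rec["target"])
    findings = []
    if targets_protected_dir(norm):
        findings.append("protected-dir")
    if rounds > 1:
        findings.append("double-encoded")
    if rec["method"] in ("PUT", "DELETE"):
        findings.append("write-method")
        if 200 <= rec["status"] < 300:
            findings.append("write-succeeded")
    rec["effective_path"] = norm
    rec["findings"] = findings
    return rec


def audit(lines):
    """Return only the records that have at least one finding."""
    hits = []
    for line in lines:
        rec = triage(line)
        if rec and rec["findings"]:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for hit in audit(SAMPLE_LOG):
        print(hit["host"], hit["method"], hit["target"], "->", hit["effective_path"], hit["findings"])
```

A "write-succeeded" finding on a path under /WEB-INF/ is the signal to treat the host as compromised rather than merely probed; "protected-dir" alone on a GET is reconnaissance. Matching segments exactly (rather than substring-matching "WEB-INF") keeps benign names such as web-inf.png out of the results.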
Recommendations
Update Apache Tomcat to the following versions immediately: 11.0.11 or later, 10.1.45 or later, or 9.0.109 or later.
If you cannot update immediately, apply the following interim mitigations:
- Make sure HTTP PUT is not enabled: the DefaultServlet's readonly init-param must keep its default value of true. The path traversal only leads to file upload and code execution when PUT is allowed.
- Review any RewriteValve rules; the traversal depends on the rewritten URL being normalized before it is decoded, so rules that rewrite request URLs deserve particular scrutiny.
- Do not read raw Tomcat logs in an ANSI-capable console, particularly on Windows; view them through a tool that neutralizes escape and control sequences.
- Monitor access logs for percent-encoded dot segments (%2e, %2f, and double-encoded forms such as %252f) resolving into /WEB-INF/ or /META-INF/, and for any PUT or DELETE requests.
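For CVE-2025-55754 the technical table above describes crafted URLs that inject ANSI escape sequences into log messages. The following Python snippet is an added example, not code from the advisory or from Tomcat, and it goes slightly beyond the advisory by also covering a newline smuggled into a URL, which forges a second log line. It shows a weak logging pattern (decode the URL, write it verbatim) beside a hardened one that rewrites every control character as visible \xNN text before the line is written, so an ANSI-capable console never interprets it. The two request URLs are constructed; the OSC 52 payload's base64 content ("purge") is arbitrary.

```python
"""Show how a percent-encoded request URL can carry ANSI control sequences into a
log line (the CVE-2025-55754 class) and how to neutralise them before the line is
written, so an ANSI-capable console never interprets them.
Added example; not code from the advisory or from Tomcat."""
import re
from urllib.parse import unquote

# ECMA-48 CSI: ESC [ parameter-bytes intermediate-bytes final-byte (ESC[2J clears the screen)
CSI_RE = re.compile(r'\x1b\[[0-?]*[ -/]*[@-~]')
# OSC: ESC ] ... terminated by BEL or ESC \ (OSC 52 is the xterm clipboard command)
OSC_RE = re.compile(r'\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)')
# Any remaining C0 control byte or DEL, except TAB
CONTROL_RE = re.compile(r'[\x00-\x08\x0a-\x1f\x7f]')

# Constructed attacker URLs: the first smuggles a clear-screen CSI plus an OSC 52
# clipboard write; the second smuggles a newline followed by a forged log line.
CRAFTED_ANSI_URL = "/app/%1b[2J%1b]52;c;cHVyZ2U=%07index.jsp"
CRAFTED_NEWLINE_URL = (
    "/login?user=admin%0a203.0.113.9%20-%20-%20%5b28/Oct/2025:10:15:04%20%2b0000%5d"
    "%20%22GET%20/admin%20HTTP/1.1%22%20200%2012"
)


def find_sequences(text):
    """Name the kinds of control sequence present: CSI, OSC and/or bare C0 bytes."""
    kinds = []
    if CSI_RE.search(text):
        kinds.append("CSI")
    if OSC_RE.search(text):
        kinds.append("OSC")
    leftover = OSC_RE.sub("", CSI_RE.sub("", text))
    if CONTROL_RE.search(leftover):
        kinds.append("C0")
    return kinds


def neutralize(text):
    """Replace every control character with its visible \\xNN form. Because ESC itself
    is rewritten, whole CSI/OSC sequences become inert printable text."""
    return CONTROL_RE.sub(lambda m: "\\x%02x" % ord(m.group()), text)


def vulnerable_log_line(method, raw_url):
    """Weak pattern: decode the request URL and write it to the log verbatim."""
    return f"{method} {unquote(raw_url)}"


def hardened_log_line(method, raw_url):
    """Same message with control characters neutralised before it is written."""
    return f"{method} {neutralize(unquote(raw_url))}"


if __name__ == "__main__":
    for url in (CRAFTED_ANSI_URL, CRAFTED_NEWLINE_URL):
        print("sequences:", find_sequences(unquote(url)))
        print("hardened :", hardened_log_line("GET", url))
```

Neutralizing at the point of writing is the durable fix; stripping sequences only in the viewer leaves the raw file dangerous for every other tool that reads it. TAB is deliberately left alone because many log formats use it as a field separator.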
Conclusion:
The patches released by Apache Tomcat fix a path traversal bug that can lead to remote code execution and a console manipulation bug that can affect anyone viewing the logs.
Although no widespread exploitation has been confirmed, immediate patching is strongly recommended. Security teams should apply these updates, confirm PUT is not enabled, and monitor for suspicious requests against /WEB-INF/ and /META-INF/.