Apache Tomcat Security Vulnerabilities

Source: Cyber Security News

The Apache Software Foundation has announced critical vulnerabilities affecting several versions of Apache Tomcat, including 11.0.0-M1 through 11.0.10; the most notable is CVE-2025-55752. This directory traversal flaw can lead to remote code execution when a risky configuration, such as accepting HTTP PUT requests, is enabled. Because it exposes sensitive directories, organizations running Tomcat need to patch immediately to avoid a significant breach.

Additionally, CVE-2025-55754 is a low-severity issue caused by improper handling of ANSI escape sequences in log messages, which could allow console and clipboard manipulation on Windows systems. Although the threat level is lower, the potential for abuse in console-heavy environments adds risk when combined with other vulnerabilities. Users are advised to upgrade to version 11.0.11, 10.1.45, or 9.0.109 or later to resolve these issues and strengthen defenses against common exploits.
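Two defender-side checks that follow from the advisories above, written as an added example for this page (not code from the Apache Tomcat project or the original article). The first parses a Tomcat `conf/web.xml` and reports whether the DefaultServlet's `readonly` init-param has been set to `false`, which is the setting that lets HTTP PUT (and DELETE) write into a web application; `readonly` and `org.apache.catalina.servlets.DefaultServlet` are Tomcat's real names, while the two web.xml documents are constructed samples. The second detects and neutralizes ANSI escape sequences in text that is about to be logged or that is read back from a log, the failure mode behind CVE-2025-55754; the sample request line is constructed, and all function names are the example's own.

```python
"""Configuration audit and log-hygiene helpers for the two Tomcat advisories.

audit_default_servlet()  - does this web.xml enable PUT by setting readonly=false?
find_ansi()/strip_ansi() - locate or remove ANSI escape sequences in log text.
neutralize_for_log()     - make control characters visible instead of executable,
                           so the evidence survives in the log without reaching
                           a terminal as a live escape sequence.
"""
import re
import xml.etree.ElementTree as ET

DEFAULT_SERVLET_CLASS = "org.apache.catalina.servlets.DefaultServlet"


def _local(tag: str) -> str:
    """Strip the XML namespace from an element tag (web.xml uses a default namespace)."""
    return tag.rsplit("}", 1)[-1]


def audit_default_servlet(web_xml: str) -> dict:
    """Return {"found", "readonly", "put_enabled"} for the DefaultServlet declaration.

    Tomcat's DefaultServlet treats readonly as true unless it is explicitly set to
    false, so an absent init-param is reported as the safe default.
    """
    root = ET.fromstring(web_xml)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        servlet_class = None
        params = {}
        for child in servlet:
            if _local(child.tag) == "servlet-class":
                servlet_class = (child.text or "").strip()
            elif _local(child.tag) == "init-param":
                name = value = None
                for p in child:
                    if _local(p.tag) == "param-name":
                        name = (p.text or "").strip()
                    elif _local(p.tag) == "param-value":
                        value = (p.text or "").strip()
                if name is not None:
                    params[name] = value
        if servlet_class == DEFAULT_SERVLET_CLASS:
            readonly = (params.get("readonly") or "true").lower() != "false"
            return {"found": True, "readonly": readonly, "put_enabled": not readonly}
    return {"found": False, "readonly": True, "put_enabled": False}


# Constructed samples: the weak one switches the DefaultServlet to writable.
WEAK_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

SAFE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
  </servlet>
</web-app>"""

# ESC-based sequences: CSI (colours, cursor, clear screen), OSC (window title,
# clipboard and similar terminal-integration commands), then any other two-byte
# escape. Order matters: the specific forms are tried before the generic one.
ANSI_RE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"            # CSI: ESC [ params intermediates final
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"  # OSC: ESC ] payload BEL-or-ST
    r"|\x1b[@-Z\\-_]"                      # other Fe escapes
)
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")


def find_ansi(text: str) -> list:
    """Return every ANSI escape sequence present in text (empty list if clean)."""
    return ANSI_RE.findall(text)


def strip_ansi(text: str) -> str:
    """Remove ANSI escape sequences, e.g. before rendering a log line in a console."""
    return ANSI_RE.sub("", text)


def neutralize_for_log(text: str) -> str:
    r"""Replace every control byte with its escaped form (\x1b, \x07, ...) so the
    logged value can no longer drive a terminal but the attempt remains auditable."""
    return CONTROL_RE.sub(lambda m: "\\x%02x" % ord(m.group()), text)


# Constructed request line carrying a clear-screen CSI and a window-title OSC.
SAMPLE_LOG_VALUE = "GET /index.jsp?user=\x1b[2J\x1b]0;fake-title\x07evil 200"

if __name__ == "__main__":
    for label, doc in (("weak", WEAK_WEB_XML), ("safe", SAFE_WEB_XML)):
        print(label, audit_default_servlet(doc))
    print("sequences:", [repr(s) for s in find_ansi(SAMPLE_LOG_VALUE)])
    print("stripped:  ", strip_ansi(SAMPLE_LOG_VALUE))
    print("logged as: ", neutralize_for_log(SAMPLE_LOG_VALUE))
```

Run the audit against each deployed `conf/web.xml` and each application's `WEB-INF/web.xml`, since a web application can override the container default. For logging, prefer `neutralize_for_log` over `strip_ansi` at write time: stripping hides the fact that a request carried terminal control bytes, whereas the escaped form keeps that evidence while making it inert.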

👉 Read the original: Cyber Security News