
[CIVN-2025-0285] Multiple Vulnerabilities in Apache Tomcat
Multiple Vulnerabilities in Apache Tomcat 
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Apache Tomcat version 11.0.0-M1 to 11.0.10
Apache Tomcat version 10.1.0-M1 to 10.1.43
Apache Tomcat version 9.0.0-M11 to 9.0.108
Overview
Multiple vulnerabilities have been reported in Apache Tomcat, which could allow an attacker to execute arbitrary code, cause denial of service and disclose sensitive information on a targeted system under specific configurations.
Target Audience:
All end-user organisations and individuals responsible for maintaining and updating Apache Tomcat.
Risk Assessment:
High risk of system compromise.
Impact Assessment:
Potential for denial of service and sensitive information disclosure.
Description
Apache Tomcat is an open-source web server and servlet container that runs Java-based web applications.
Multiple vulnerabilities have been identified in Apache Tomcat. They are due to its failure to escape ANSI escape sequences in log messages, and to a regression, introduced while fixing a previous bug, in which the rewritten URL was normalized before being decoded.
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, cause denial of service and disclose sensitive information on a targeted system under specific configurations.
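The ordering problem named in the Description (normalizing a URL before decoding it) can be shown with a small added example. This is illustration code written for this page, not Apache Tomcat's code or the vendor's fix; the /public/ access rule and the sample paths are constructed assumptions.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical access rule for the illustration; not taken from the advisory.
ALLOWED_PREFIX = "/public/"


def normalize_then_decode(path: str) -> str:
    """Flawed order: dot segments are still percent-encoded when normalized."""
    return unquote(posixpath.normpath(path))


def decode_then_normalize(path: str) -> str:
    """Safe order: decode first so normalization sees the real dot segments."""
    return posixpath.normpath(unquote(path))


def allowed(path: str) -> bool:
    """Prefix check standing in for a path-based access constraint."""
    return path.startswith(ALLOWED_PREFIX)


def audit(raw: str) -> dict:
    """Run one raw path through both orders and report where they disagree."""
    flawed = normalize_then_decode(raw)
    safe = decode_then_normalize(raw)
    return {
        "flawed": flawed,
        "safe": safe,
        "flawed_allows": allowed(flawed),
        "safe_allows": allowed(safe),
        # Where the flawed result lands once a later component resolves it.
        "resolves_to": posixpath.normpath(flawed),
        "mismatch": allowed(flawed) != allowed(safe),
    }


# Constructed sample paths (not real traffic).
SAMPLES = [
    "/public/docs/%61.txt",               # benign: encoded letter only
    "/public/%2e%2e/private/report.txt",  # encoded dot segment
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(raw, audit(raw))
```

With the flawed order the access check sees a path that still starts with /public/ although it resolves outside it; decoding first removes the disagreement.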
Solution
Apply appropriate fixes as mentioned in the Apache Tomcat Security Advisory:
https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109
Vendor Information
https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109
References
https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109
CVE Name
CVE-2025-55752
CVE-2025-55754
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003

