CVE-2025-55752

🗓️ 27 Oct 2025 17:29:56Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 12 Media mentions👁 477 Views

CVE-2025-55752: Tomcat directory traversal via rewrite with possible remote code execution if PUT is enabled.

Reporter	Title	Published	Views	Family All 287
IBM Security Bulletins	Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities related to Apache Tomcat.	24 Mar 202613:26	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities	1 Dec 202516:17	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)	9 Dec 202515:01	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities addressed in IBM Big Replicate LiveData Migrator 3.4	23 Apr 202612:28	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in tomcat affects IBM Netezza Appliance	3 Jun 202610:39	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by multiple Apache Tomcat vulnerabilities (CVE-2025-55752, CVE-2025-61795)	12 Dec 202520:44	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a directory traversal, security bypass, and D.O.S. in Apache Tomcat (CVE-2025-55752, CVE-2025-55754, CVE-2025-61795)	27 Feb 202615:33	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat and hoek might affect IBM Storage Defender Copy Data Management	10 Apr 202614:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat( CVE-2025-55752,CVE-2025-55754 & CVE-2025-61795)	18 Nov 202515:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability intomcat-embed-core-10.1.42.jar	4 Feb 202622:39	–	ibm

NVD

Vulners

Vulnrichment

Node

apache tomcatRange8.5.6–8.5.100

apache tomcatRange9.0.1–9.0.109

apache tomcatRange10.0.0–10.0.27

apache tomcatRange10.1.0–10.1.45

apache tomcatRange11.0.0–11.0.11

apache tomcatMatch9.0.0-

apache tomcatMatch9.0.0milestone11

apache tomcatMatch9.0.0milestone12

apache tomcatMatch9.0.0milestone13

apache tomcatMatch9.0.0milestone14

apache tomcatMatch9.0.0milestone15

apache tomcatMatch9.0.0milestone16

apache tomcatMatch9.0.0milestone17

apache tomcatMatch9.0.0milestone18

apache tomcatMatch9.0.0milestone19

apache tomcatMatch9.0.0milestone20

apache tomcatMatch9.0.0milestone21

apache tomcatMatch9.0.0milestone22

apache tomcatMatch9.0.0milestone23

apache tomcatMatch9.0.0milestone24

apache tomcatMatch9.0.0milestone25

apache tomcatMatch9.0.0milestone26

apache tomcatMatch9.0.0milestone27

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Tomcat",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "11.0.10",
        "status": "affected",
        "version": "11.0.0-M1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.1.44",
        "status": "affected",
        "version": "10.1.0-M1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.0.108",
        "status": "affected",
        "version": "9.0.0.M11",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.5.100",
        "status": "affected",
        "version": "8.5.6",
        "versionType": "semver"
      },
      {
        "lessThan": "8.5.0",
        "status": "unknown",
        "version": "3",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.0.27",
        "status": "unknown",
        "version": "10.0.0-M1",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-032379.html
openwall	www.openwall.com/lists/oss-security/2025/10/27/4
vicarius	www.vicarius.io/vsociety/posts/cve-2025-55752-detect-apache-tomcat-vulnerability
vicarius	www.vicarius.io/vsociety/posts/cve-2025-55752-mitigate-apache-tomcat-vulnerability

17 Jun 2026 09:42Current

7.5High risk

Vulners AI Score7.5

CVSS 3.17.5

EPSS0.73974

SSVC

CWE-23