CVE-2025-55754

🗓️ 27 Oct 2025 17:29:50Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 53 Views

Tomcat logs fail to escape ANSI sequences, enabling console and clipboard manipulation via crafted URLs on Windows.

Reporter	Title	Published	Views	Family All 196
IBM Security Bulletins	Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities related to Apache Tomcat.	24 Mar 202613:26	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities	1 Dec 202516:17	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)	9 Dec 202515:01	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities addressed in IBM Big Replicate LiveData Migrator 3.4	23 Apr 202612:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a directory traversal, security bypass, and D.O.S. in Apache Tomcat (CVE-2025-55752, CVE-2025-55754, CVE-2025-61795)	27 Feb 202615:33	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat and hoek might affect IBM Storage Defender Copy Data Management	10 Apr 202614:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat( CVE-2025-55752,CVE-2025-55754 & CVE-2025-61795)	18 Nov 202515:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Engineering Requirements Management DOORS and DOORS Web Access is affected by multiple vulnerabilities	6 Mar 202616:04	–	ibm
IBM Security Bulletins	Security Bulletin: Due to the use of Apache tomcat, IBM webMethods Integration is affected by some vulnerabilities	14 Nov 202509:24	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Automation Decision Services for April 2026- Multiple CVEs addressed	8 May 202606:45	–	ibm

NVD

Vulners

Node

apache tomcatRange8.5.60–8.5.100

apache tomcatRange9.0.40–9.0.109

apache tomcatRange10.0.0–10.0.27

apache tomcatRange10.1.0–10.1.45

apache tomcatRange11.0.0–11.0.11

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Tomcat",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "11.0.10",
        "status": "affected",
        "version": "11.0.0-M1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.1.44",
        "status": "affected",
        "version": "10.1.0-M1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.0.108",
        "status": "affected",
        "version": "9.0.40",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.5.100",
        "status": "affected",
        "version": "8.5.60",
        "versionType": "semver"
      },
      {
        "lessThan": "8.5.0",
        "status": "unknown",
        "version": "3",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.0.27",
        "status": "unknown",
        "version": "10.0.0-M1",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd
openwall	www.openwall.com/lists/oss-security/2025/10/27/5
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-032379.html

12 May 2026 13:17Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.19.6

EPSS0.00135

SSVC

CWE-150