CVE-2025-55752— Apache Tomcat: Directory traversal via rewrite with possible RCE if PUT is enabled
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-55752
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache Tomcat: Directory traversal via rewrite with possible RCE if PUT is enabled
Source: NVD (National Vulnerability Database)
Vulnerability Description
Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
相对路径遍历
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Tomcat 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Tomcat是美国阿帕奇(Apache)基金会的一款轻量级Web应用服务器。用于实现对Servlet和JavaServer Page(JSP)的支持。 Apache Tomcat存在安全漏洞,该漏洞源于URL重写规则存在路径遍历问题,可能导致绕过安全限制和远程代码执行。以下版本受到影响:11.0.0-M1版本至11.0.10版本、10.1.0-M1版本至10.1.44版本、9.0.0.M11版本至9.0.108版本和8.5.6版本至8.5.100版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache Tomcat | 11.0.0-M1 ~ 11.0.10 | - |
II. Public POCs for CVE-2025-55752
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | CVE-2025-55752, Apache Tomcat that allows directory traversal via URL rewrite, and under certain conditions, leads to remote code execution (RCE) if HTTP PUT is enabled. | https://github.com/TAM-K592/CVE-2025-55752 | POC Details |
| 2 | None | https://github.com/masahiro331/CVE-2025-55752 | POC Details |
| 3 | CVE-2025-55752 | https://github.com/B1ack4sh/Blackash-CVE-2025-55752 | POC Details |
| 4 | 基于 Docker 的重现环境,用于复现 Apache Tomcat 10.1.44 中的路径遍历漏洞 CVE-2025-55752。本实验场景可以复现官网报道的RCE | https://github.com/AuroraSec-Pivot/CVE-2025-55752 | POC Details |
| 5 | CVE-2025-55752 | https://github.com/Ashwesker/Blackash-CVE-2025-55752 | POC Details |
| 6 | None | https://github.com/Jimmy01240397/CVE-2025-55752 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-55752
请登录查看更多情报信息。
Same Patch Batch · Apache Software Foundation · 2025-10-27 · 3 CVEs total
| CVE-2025-55754 | Apache Tomcat: console manipulation via escape sequences in log messages | |
| CVE-2025-61795 | Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS |
IV. Related Vulnerabilities
Same product: Apache Tomcat
- CVE-2026-34500
Apache Tomcat: OCSP checks sometimes soft-fail with FFM even - CVE-2026-34487
Apache Tomcat: Cloud membership for clustering component exp - CVE-2026-34486
Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of Encr - CVE-2026-34483
Apache Tomcat: Incomplete escaping of JSON access logs - CVE-2026-32990
Apache Tomcat: Fix for CVE-2025-66614 is incomplete
Same vendor: Apache Software Foundation
- CVE-2026-39816
Apache NiFi: Missing Execute Code Required Permission on Tin - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro - CVE-2026-25077
Apache CloudStack: Unauthenticated Command Injection in Dire - CVE-2025-69233
Apache CloudStack: Domain/account resources limits not honor - CVE-2025-66467
Apache CloudStack: MinIO policy remains intact on bucket del
Same weakness: CWE-23
- CVE-2026-8209
Gibbon<30.0.01路径遍历漏洞导致拒绝服务 - CVE-2026-43533
OpenClaw < 2026.4.10 - Arbitrary Local File Read via QQBot M - CVE-2026-43616
Detect-It-Easy < 3.21 Path Traversal Arbitrary File Write - CVE-2026-42085
OpenC3 COSMOS: Arbitrary write to plugins directory via path - CVE-2026-22070
ColorOS Assistant Path Traversal Vulnerability
V. Comments for CVE-2025-55752
No comments yet