By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

PreferencesRejectAccept
Manage Consent Preferences by Category
Essentials
Always active

Necessary for the site to function. Always On.

Used for targeted advertising.

Remembers your preferences and provides enhanced features.

Measures usage and improves your experience.

Reject AllAccept All
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
View all Vulnerabilities

CVE-2025-55752

Path Traversal
Affects
Apache Tomcat
in
Apache Tomcat
No items found.
Versions
>=8.5.6 <=8.5.100, >=9.0.0.M11 <9.0.109, >=10.1.0-M1 <10.1.45, >=11.0.0-M1 <11.0.11
Exclamation circle icon
Patch Available

This Vulnerability has been fixed in the Never-Ending Support (NES) version offered by HeroDevs.

View NES Solution

Overview

Apache Tomcat is an open-source web server and servlet container developed by the Apache Software Foundation. It implements several Java Enterprise Edition (Java EE) specifications including Java Servlet, JavaServer Pages (JSP), and WebSocket, allowing it to run Java web applications. Tomcat is widely used in both development and production environments due to its lightweight nature, ease of configuration, and compatibility with various Java applications. 

A Path Traversal vulnerability (CVE-2025-55752) has been identified in Apache Tomcat. A bugfix caused this regression where the rewritten URL gets normalized before being decoded.

The Open Web Application Security Project (OWASP) explains that Path Traversal attacks aim to access files and directories that are outside the web root folder.

This issue affects multiple versions of Apache Tomcat below 11.0.11.

Details

Module Info

  • Product: Apache Tomcat
  • Affected packages: tomcat, tomcat-catalina, tomcat-embed-core
  • Affected versions: >=8.5.6 <=8.5.100, >=9.0.0.M11 <9.0.109, >=10.1.0-M1 <10.1.45, >=11.0.0-M1 <11.0.11
  • GitHub repository: https://github.com/apache/tomcat

Vulnerability Info

An attacker can exploit a vulnerable application through rewrite rules. In vulnerable applications, rewritten URLs are normalized before they are decoded. This made it possible for attackers to manipulate request URIs to bypass security constraints for files such as /WEB-INF/ and /META-INF/ through rewrite rules that rewrite query parameters to the URL.

Additionally, if PUT requests are enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulates the URI.

Mitigation

Only recent versions of Apache Tomcat are community-supported. The community support version will not receive any updates to address this issue. For more information, see here.

Users of the affected components should apply one of the following mitigations:

  • Upgrade to a patched version of Apache Tomcat.
  • Disable unnecessary PUT requests to minimize the attack potential and audit the permissions of users that can use PUT requests that may also be used in conjunction with rewrite rules.
  • Leverage a commercial support partner like HeroDevs for post-EOL security support.

Credit

  • Chumy Tsai (github.com/Jimmy01240397) @ CyCraft Technology Intern

Pink arrow
Pink arrow
CVE-2024-34750
CVE-2024-38286
CVE-2024-50379
CVE-2024-52316
CVE-2024-52317
CVE-2024-54677
CVE-2024-56337
CVE-2025-31650
CVE-2025-48988
CVE-2025-49124
CVE-2025-49125
CVE-2025-52434
CVE-2025-52520
CVE-2025-53506
CVE-2025-24813
CVE-2025-31651
CVE-2025-46701
CVE-2025-55752
CVE-2025-61795
CVE-2025-55754
What is a HeroDevs Security Advisory?
Vulnerability Details
ID
CVE-2025-55752
PROJECT Affected
Apache Tomcat
Versions Affected
>=8.5.6 <=8.5.100, >=9.0.0.M11 <9.0.109, >=10.1.0-M1 <10.1.45, >=11.0.0-M1 <11.0.11
Published date
November 7, 2025
≈ Fix date
October 15, 2025
Fixed in
NES for Apache Tomcat
Severity
Level
CVSS Assessment
Low
>=0 <4
Medium
>=4 <6
High
>=6 <8
Critical
>=8 <10
High
Category
Path Traversal
Sign up for the latest vulnerability alerts fixed in
NES for Apache Tomcat
Rss feed icon
Subscribe via RSS
or

By clicking “submit” I acknowledge receipt of our Privacy Policy.

Thanks for signing up for our Newsletter! We look forward to connecting with you.
Oops! Something went wrong while submitting the form.