- 238/2025
- Critical
Apache has released security updates to address multiple vulnerabilities affecting Apache Tomcat.
The addressed vulnerabilities could allow the attacker to perform denial-ofservice attacks, execute code, and gain access by sending a specially crafted URL to the affected system.
Sample of the addressed vulnerabilities:
1. Apache Tomcat Console Manipulation Via Escape Sequences in Log Messages Vulnerability (CVE-2025-55754):
- CVSS: 9.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Apache Tomcat Delayed Cleaning of Multipart Upload Temporary Files May Lead to DoS Vulnerability (CVE-2025-61795):
- CVSS: 5.3
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Consequences: Denial of Service
Vulnerabilities
- CVE-2025-55754
- CVE-2025-55752
- CVE-2025-61795
Mitigations
The enterprise should deploy this patch as soon as the testing phase is
completed.