Apache Tomcat Vulnerable to Relative Path Traversal — CVE-2025-55752

GitHub · GitHub · CVE-2025-55752

ID
CVE-2025-55752

Datum
2025-10-27

Aktualisiert
2026-05-13

Activity
2026-05-13

Quelle
GitHub

Vendor
GitHub

Risiko
high

CVSS
7.7

EPSS
0.00143

Zusammenfassung

The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading…

Produkt

maven: org.apache.tomcat:tomcat | maven: org.apache.tomcat:tomcat-catalina | maven: org.apache.tomcat.embed:tomcat-embed-core

Was tun?

Allgemeine, vorsichtige Schritte (bitte prüfe die offizielle Quelle für Details):

Priorisiere sofort Patches oder Mitigations (hohes akutes Risiko).
Identifiziere betroffene Produktversionen und prüfe, ob du betroffen bist.
Spiele Hersteller-Updates/Patches ein oder setze empfohlene Mitigations um.
Lies das offizielle Advisory für betroffene Versionen und konkrete Schritte.

Offizielles Advisory

Mehr dazu

GitHub GitHub 2026-W20

Apache Tomcat Vulnerable to Relative Path Traversal — CVE-2025-55752

Zusammenfassung

Produkt

Was tun?

Offizielles Advisory

Mehr dazu

Assisted Installer RHEL 8 components for Multicluster Engine for Kubernetes 2.6.11

Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.6.11

Authlib: Cross-site request forging when using cache

AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion

Important: firefox security update

Important: gimp:2.8 security update