CNNVD-202510-3509 Information

Oct 27, 2025 cve

CNNVD ID

CNNVD-202510-3509

CVE-2025-55754

CNNVD Published: 2025-10-27

Description (Chinese)

Apache Tomcat是美国阿帕奇（Apache）基金会的一款轻量级Web应用服务器。用于实现对Servlet和JavaServer Page（JSP）的支持。 Apache Tomcat存在安全漏洞，该漏洞源于未正确转义ANSI转义序列，可能导致攻击者注入特制URL操纵控制台和剪贴板。以下版本受到影响：11.0.0-M1版本至11.0.10版本、10.1.0-M1版本至10.1.44版本、9.0.40版本至9.0.108版本和8.5.60版本至8.5.100版本。

Description (English)

Apache Tomcat is a lightweight Web application server for the Apache Foundation in the United States. Support for Servlet and JavaServer Page (JSP). There is a security loophole in Apache Tomcat, which stems from an incorrect transposition of ANSI sequences, which could lead to the injection of a specially designed URL-operated console and clipboard by the attackers. The following versions were affected: 11.0.0-M1 to 11.0.10, 10.1.0-M1 to 10.1.44, 9.0.40 to 9.0.1008 and 8.5.60 to 8.5.100.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2025-10-27

Last Modified

2026-02-24

References

https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd https://access.redhat.com/security/cve/cve-2025-55754

Patch

https://tomcat.apache.org/

Share on: