Main Vulnerability Database Vulnerabilities #VU117681

#VU117681 Path traversal in Apache Tomcat - CVE-2025-55752

Published: October 27, 2025 / Updated: October 31, 2025

Vulnerability identifier: #VU117681

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2025-55752

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Apache Tomcat

Software vendor:
Apache Foundation

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to input validation error when processing directory traversal sequences passed via Rewrite Valve. A remote attacker can send a specially crafted HTTP PUT request and write arbitrary files to the server, leading to remote code execution.

Remediation

Install updates from vendor's website.

External links

https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45
https://lists.apache.org/thread/2fbxt6dpjnpvgn4mkxt6mzvkhnno1yy9

#VU117681 Path traversal in Apache Tomcat - CVE-2025-55752

Description

Remediation

External links

Please verify you're human