Warning: Critical and high-severity vulnerabilities in Apache Tomcat could lead to RCE and console manipulation, Patch Immediately!

Published: 30/10/2025
  • Last update: 30/10/2025
  • Affected software:
    → Apache Tomcat 9.0.x, 10.1.x and 11.0.x (releases before the fixed versions listed under Risks)
  • Type:
    → Path Traversal vulnerability (CVE-2025-55752)
    → Improper Neutralization of Escape, Meta, or Control Sequences vulnerability (CVE-2025-55754)
    → Improper Resource Shutdown or Release vulnerability (CVE-2025-61795)
  • CVE/CVSS:
    → CVE-2025-55752: 7.5 HIGH (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
    → CVE-2025-55754: 9.6 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
    → CVE-2025-61795: 5.3 MEDIUM (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

Sources

https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog
https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd
https://lists.apache.org/thread/wm9mx8brmx9g4zpywm06ryrtvd3160pp

Risks

A critical (CVE-2025-55754) and a high-severity (CVE-2025-55752) vulnerability exist in Apache Tomcat 9, 10 and 11. If left unpatched, affected instances are exposed to remote code execution (RCE, only where HTTP PUT is enabled) and to console manipulation, with possible high impact on the confidentiality, integrity and availability of data and systems.

Update 30/10/2025: For CVE-2025-55752, a proof-of-concept (PoC) exploit has been published. The Centre for Cybersecurity Belgium assesses that exploitation is likely to take place in the near future.

In addition, Apache Tomcat 9, 10 and 11 also contain a medium-severity vulnerability (CVE-2025-61795) that exposes vulnerable instances to denial of service (DoS), with high impact on the availability of data and systems.

CVE-2025-55754 and CVE-2025-55752 are patched in 11.0.11, 10.1.45 and 9.0.109 or later.
CVE-2025-61795 is patched in 11.0.12, 10.1.47 and 9.0.110 or later. Since the second set of releases supersedes the first, upgrading to 11.0.12, 10.1.47 or 9.0.110 (or later) closes all three vulnerabilities at once.

Description

CVE-2025-55752 is a "Relative Path Traversal" vulnerability. According to the Apache advisory, it stems from a regression in the fix for Tomcat bug 60013, where a rewritten URL was normalized before it was decoded; as a result, a specially crafted request URI could bypass security constraints, including the protection of /WEB-INF/ and /META-INF/. If PUT requests are also enabled (they are disabled by default and normally limited to trusted users), malicious files could be uploaded, leading to remote code execution (RCE). Without PUT, the impact is limited to reading files that should be inaccessible, which is still serious (web.xml, class files and configuration under /WEB-INF/).

CVE-2025-55754 is an "Improper Neutralization of Escape, Meta, or Control Sequences" vulnerability: Tomcat did not escape ANSI escape sequences in its log messages. An attacker could therefore use a specially crafted URL to inject ANSI escape sequences that manipulate the console and the clipboard, in an attempt to trick an administrator into running an attacker-controlled command. The Apache advisory confirms the issue for Tomcat run from a console on Windows and notes that other consoles may also be affected. Exploitation requires an administrator to view the console output (UI:R in the CVSS vector above), which is why the Apache project and the CVSS score above differ in how severe they rate it.

CVE-2025-61795 is an "Improper Resource Shutdown or Release" vulnerability: when a multipart upload failed, the temporary copies of the uploaded parts were not deleted immediately, and Tomcat relied on garbage collection to remove them. If an attacker can fill the space reserved for those temporary copies faster than garbage collection clears it, the result is a denial of service (DoS).
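The two questions an operator has after reading the fixed versions under Risks and the PUT precondition for CVE-2025-55752 are "which of these CVEs does my release still carry?" and "is PUT actually enabled on this instance?". The script below answers both. It is an added example, not code from the CCB advisory or the Apache Tomcat project: the fixed releases are copied from the advisory text above, and the PUT check reads the DefaultServlet's `readonly` init-param from Tomcat's `conf/web.xml`, which is the standard switch that enables PUT and DELETE when set to `false`. The web.xml fragment embedded in the script is a constructed sample.

```python
"""Exposure triage for the three Tomcat CVEs in this advisory.

Added example, not code from the CCB advisory or the Apache Tomcat project.
The fixed releases come from the advisory text; the PUT check reads the
DefaultServlet 'readonly' init-param from Tomcat's conf/web.xml, the
standard switch that enables PUT/DELETE when set to false. The web.xml
fragment below is a constructed sample.
"""
import re
import xml.etree.ElementTree as ET

# First patched release per branch: (major, minor) -> patch level, from the advisory.
FIXED_IN = {
    "CVE-2025-55752": {(9, 0): 109, (10, 1): 45, (11, 0): 11},
    "CVE-2025-55754": {(9, 0): 109, (10, 1): 45, (11, 0): 11},
    "CVE-2025-61795": {(9, 0): 110, (10, 1): 47, (11, 0): 12},
}

# Accepts GA releases ('10.1.44') and milestones ('11.0.0-M5', '9.0.0.M1').
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-.]M\d+)?$")


def unpatched_cves(version):
    """Return the advisory's CVEs that this Tomcat version still carries.

    Milestones only exist for the .0 release of a branch, so comparing the
    patch level against the first fixed release is sufficient. Branches the
    advisory does not cover (e.g. 8.5.x) raise instead of guessing.
    """
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    branch = (major, minor)
    if branch not in FIXED_IN["CVE-2025-55752"]:
        raise ValueError(f"branch {major}.{minor} is not covered by this advisory")
    return [cve for cve, fixed in FIXED_IN.items() if patch < fixed[branch]]


def _local(tag):
    """Strip the XML namespace; web.xml uses javaee or jakartaee depending on the release."""
    return tag.rsplit("}", 1)[-1]


def put_enabled(web_xml):
    """True if the DefaultServlet in this web.xml has readonly=false (PUT/DELETE allowed)."""
    root = ET.fromstring(web_xml)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        cls = next((e.text or "" for e in servlet if _local(e.tag) == "servlet-class"), "")
        if cls.strip() != "org.apache.catalina.servlets.DefaultServlet":
            continue
        for param in (e for e in servlet if _local(e.tag) == "init-param"):
            fields = {_local(c.tag): (c.text or "").strip() for c in param}
            if fields.get("param-name") == "readonly" and fields.get("param-value", "").lower() == "false":
                return True
    return False


def triage(version, web_xml):
    """Combine both checks: what is unpatched, and is the RCE path via PUT reachable."""
    cves = unpatched_cves(version)
    return {
        "unpatched": cves,
        "rce_reachable": "CVE-2025-55752" in cves and put_enabled(web_xml),
    }


# Constructed sample: a conf/web.xml in which an operator switched PUT on.
SAMPLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>debug</param-name>
      <param-value>0</param-value>
    </init-param>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
</web-app>
"""

if __name__ == "__main__":
    for v in ("9.0.108", "9.0.109", "10.1.46", "11.0.0-M5", "11.0.12"):
        print(v, triage(v, SAMPLE_WEB_XML))
```

Run it against the version string from `bin/version.sh` (or the `Server` line of the Tomcat startup log) and the instance's `conf/web.xml`. Note that an application's own `WEB-INF/web.xml` can also override the DefaultServlet, so check per-webapp descriptors too if the global one reports `readonly` as true.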

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates on vulnerable instances with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
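The patterns worth hunting for in Tomcat access logs follow directly from the three descriptions above: traversal sequences aimed at /WEB-INF/ or /META-INF/, ANSI escape sequences in request URIs, and PUT requests on instances where PUT should not be in use. The script below is an added example, not code from the CCB or Apache Tomcat. It parses lines in the "common" pattern of Tomcat's AccessLogValve (`%h %l %u %t "%r" %s %b`), percent-decodes the request target repeatedly so double-encoded traversal is caught, and tags each hit. The log lines embedded in it are constructed samples, not data from a real incident; adjust `LOG_RE` if your AccessLogValve pattern differs.

```python
"""Access-log triage for the attack patterns in this advisory.

Added example, not code from the CCB advisory or Apache Tomcat. It flags
request lines that (a) traverse towards /WEB-INF/ or /META-INF/, including
percent- and double-percent-encoded forms (CVE-2025-55752), (b) carry ANSI
escape sequences, raw or percent-encoded (CVE-2025-55754), and (c) use PUT,
the precondition for RCE via CVE-2025-55752. The log lines are constructed
samples in Tomcat's "common" AccessLogValve pattern.
"""
import re
from urllib.parse import unquote

# '%h %l %u %t "%r" %s %b' -- the 'common' pattern of Tomcat's AccessLogValve.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) \S+$'
)
ESC = "\x1b"


def fully_decode(s, rounds=3):
    """Percent-decode until stable so %252e%252e/ is seen as ../ just like %2e%2e/."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def classify(line):
    """Return a dict describing the hit, or None when the line is clean or unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = m.group("request").split(" ")
    method = parts[0] if parts else ""
    target = parts[1] if len(parts) > 1 else ""
    decoded = fully_decode(target)
    # Fold backslashes and case so WEB-INF, web-inf and ..\ variants compare equal.
    normalized = decoded.replace("\\", "/").lower()

    findings = []
    if "/.." in normalized:            # covers ../, ..;/ and ..%2f after decoding
        findings.append("path-traversal")
    if "web-inf" in normalized or "meta-inf" in normalized:
        findings.append("protected-dir")
    if ESC in decoded or ESC in line:  # percent-encoded in the URL, or already raw in the log
        findings.append("ansi-escape")
    if method == "PUT":
        findings.append("put-request")
    if not findings:
        return None
    return {
        "host": m.group("host"),
        "method": method,
        "target": target,
        "status": int(m.group("status")),
        "findings": findings,
    }


def scan(lines):
    """Run classify() over an iterable of log lines and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample lines; none of these come from a real incident.
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Oct/2025:10:12:01 +0100] "GET /app/..;/WEB-INF/web.xml HTTP/1.1" 200 1337',
    '203.0.113.7 - - [30/Oct/2025:10:12:05 +0100] "GET /app/%252e%252e/WEB-INF/classes/app.properties HTTP/1.1" 404 0',
    '203.0.113.9 - - [30/Oct/2025:10:13:40 +0100] "GET /app/%1b%5b2J%1b%5b31mRUN%20THIS HTTP/1.1" 404 0',
    '198.51.100.4 - - [30/Oct/2025:10:14:02 +0100] "PUT /app/files/x.jsp HTTP/1.1" 201 0',
    '198.51.100.8 - - [30/Oct/2025:10:15:11 +0100] "GET /app/index.html HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["host"], hit["method"], hit["status"], hit["findings"], hit["target"])
```

A 2xx status on a `path-traversal` + `protected-dir` hit, or any `put-request` from an unexpected source, is the line to escalate; 4xx hits on the same patterns still show who is probing. Because CVE-2025-55754 is about what ends up in Tomcat's own log output, grep `catalina.out` and the other `logs/*.log` files for the raw ESC byte as well, not only the access log.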

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

https://app.opencve.io/cve/CVE-2025-55752
https://app.opencve.io/cve/CVE-2025-55754
https://app.opencve.io/cve/CVE-2025-61795