CVE Tools
Sign in

CVE-2025-55752

Apache Tomcat: Directory traversal via rewrite with possible RCE if PUT is enabled

Published: Oct 27, 2025Updated: May 12, 2026 Sources: CVE List NVD GHSA BDU csafCWE-23
NVD MITRE
7.5CVSSHIGH
EPSS Score
74.0%
Top 0.6%
CISA KEV
Not in KEV
Exploits
2 Known
Remediation
Patch Available

Description

Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query parameters to the URL, an attacker could manipulate the request URI to bypass security constraints including the protection for /WEB-INF/ and /META-INF/. If PUT requests were also enabled then malicious files could be uploaded leading to remote code execution. PUT requests are normally limited to trusted users and it is considered unlikely that PUT requests would be enabled in conjunction with a rewrite that manipulated the URI. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.0.M11 through 9.0.108. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.6 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.

CVSS Vector Breakdown

AV:NAC:HPR:LUI:NS:UC:HI:HA:H
Exploitability
AV:NAttack Vector
Network
AC:HAttack Complexity
High
PR:LPrivileges Required
Low
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:HConfidentiality
High
I:HIntegrity
High
A:HAvailability
High
Open in CVSS calculator →

Weaknesses

CWE-23

Affected Products

tomcatapache
On-premWeb App
Networking Infrastructure / load-balancer-proxy
org.apache.tomcat:tomcatMavenOSS Libraries
org.apache.tomcat:tomcat-catalinaMavenOSS Libraries
org.apache.tomcat.embed:tomcat-embed-coreMavenOSS Libraries
РЕД ОСООО «Ред Софт»
On-premOS
Operating Systems / linux-distro
apacheoss-projectUSWeb & CMS Pluginsaka apache http server, apache httpd
mavenpackage-ecosystemOSS Libraries
ооо «ред софт»commercialRUOperating Systemsaka red soft
and 4 more affected products View all →

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

Exploitability

2 exploit sources identified

Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.

View exploit details
Official Patch Available
Workaround Available

MITRE ATT&CK

1 technique
Discovery
View detailed technique mapping

References

https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog
lists.apache.org
http://www.openwall.com/lists/oss-security/2025/10/27/4
openwall.com
https://www.vicarius.io/vsociety/posts/cve-2025-55752-detect-apache-tomcat-vulnerability
vicarius.io
and 282 more references View all →

Timeline

Published
Oct 27, 2025
Last Updated
May 12, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2025-55752 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows