9.7

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-55754

GHSA ID

GHSA-vfww-5hm6-hx2j

EPSS Score

0.03428%

CWE

CWE-150

Published

10/27/2025

Updated

10/28/2025

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-55754

CVE-2025-55754: Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences

Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.

The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-55754

CVE-2025-55754:

9.7

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-55754

GHSA ID

GHSA-vfww-5hm6-hx2j

EPSS Score

0.03428%

CWE

CWE-150

Published

10/27/2025

Updated

10/28/2025

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.tomcat:tomcat	maven	>= 11.0.0-M1, < 11.0.11	11.0.11
org.apache.tomcat:tomcat	maven	>= 10.1.0-M1, < 10.1.45	10.1.45
org.apache.tomcat:tomcat	maven	>= 9.0.0.40, < 9.0.109	9.0.109
org.apache.tomcat:tomcat	maven	>= 8.5.60, <= 8.5.100
org.apache.tomcat.embed:tomcat-embed-core	maven	>= 11.0.0-M1, < 11.0.11	11.0.11
org.apache.tomcat.embed:tomcat-embed-core	maven	>= 10.1.0-M1, < 10.1.45	10.1.45
org.apache.tomcat.embed:tomcat-embed-core	maven	>= 9.0.0.40, < 9.0.109	9.0.109
org.apache.tomcat.embed:tomcat-embed-core	maven	>= 8.5.60, <= 8.5.100
org.apache.tomcat:tomcat-catalina	maven	>= 11.0.0-M1, < 11.0.11	11.0.11
org.apache.tomcat:tomcat-catalina	maven	>= 10.1.0-M1, < 10.1.45	10.1.45
org.apache.tomcat:tomcat-catalina	maven	>= 9.0.0.40, < 9.0.109	9.0.109
org.apache.tomcat:tomcat-catalina	maven	>= 8.5.60, <= 8.5.100

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

9.7

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-55754: Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences

CVE-2025-55754:

9.7

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2025-55754: Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences

Basic Information

Basic Information

9.7

9.7

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI