CVE-2025-55754 — Improper Neutralization of Escape, Meta, or Control Sequences in Apache Tomcat
Severity
9.6 CRITICAL (NVD)
EPSS
0.1%
top 67.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Oct 27
Description
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.
Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While n…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 6.0
Affected Packages: 2 packages
Vulnerability Details (4)
GHSA
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences (2025-10-27)
OSV
CVE-2025-55754: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (2025-10-27)
OSV
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences (2025-10-27)