¡¾·ì϶¹«¸æ¡¿Apache Tomcat°²È«Ô¼ÊøÈƹý·ì϶ (CVE-2025-49125)

°ä²¼¹¦·ò 2025-06-17

Ò»¡¢·ì϶¸ÅÊö


·ìϼûû³Æ

Apache Tomcat°²È«Ô¼ÊøÈƹý·ì϶

CVE   ID

CVE-2025-49125

·ì϶ÀàÐÍ

½Ó¼û½ÚÔì·ì϶

·¢ÏÖ¹¦·ò

2025-06-17

·ì϶ÆÀ·Ö

ÔÝÎÞ

·ì϶µÈ¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

ÎÞ

ÀûÓÃÄѶÈ

µÍ

Óû§½»»¥

²»±ØÒª

PoC/EXP

Òѹ«¿ª

ÔÚÒ°ÀûÓÃ

δ·¢ÏÖ


Apache TomcatÊÇÒ»¸ö¿ªÔ´µÄJava ServletÈÝÆ÷ºÍWeb·þÎñÆ÷ £¬ÖØÒªÓÃÓÚÔËÐÐJavaÀûÓ÷¨Ê½ £¬³ö¸ñÊÇ»ùÓÚServletºÍ"text-wrap-mode: wrap;">? ¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÔì £¬Åú¸Ä·À»ðǽսÊõ £¬¹Ø¹Ø·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ £¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Â¶³öµ½¹«Íø £¬Ï÷¼õ¹¥»÷Ãæ¡£

ʹÓÃÆóÒµ¼¶°²È«²úÆ· £¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£
¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí £¬ÆôÓöà³É·ÖÈÏÖ¤»úÔìºÍ×îÓ×ȨÏÞ×¼Ôò £¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏ޶ȡ£
ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£


3.4 ²Î¿¼Á´½Ó


https://lists.apache.org/thread/m66cytbfrty9k7dc4cg6tl1czhsnbywk