¡¾·ì϶¹«¸æ¡¿Apache Tomcat Ŀ¼±éÀú·ì϶(CVE-2025-55752)

°ä²¼¹¦·ò 2025-10-28

Ò»¡¢·ì϶¸ÅÊö


·ìϼûû³Æ

Apache Tomcat Ŀ¼±éÀú·ì϶

CVE   ID

CVE-2025-55752

·ì϶ÀàÐÍ

Ŀ¼±éÀú

·¢ÏÖ¹¦·ò

2025-10-28

·ì϶ÆÀ·Ö

7.5

·ì϶µÈ¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

µÍ

ÀûÓÃÄѶÈ

¸ß

Óû§½»»¥

²»±ØÒª

PoC/EXP

δ¹«¿ª

ÔÚÒ°ÀûÓÃ

δ·¢ÏÖ


Apache TomcatÊÇÒ»¸ö¿ªÔ´µÄÀûÓ÷þÎñÆ÷£¬ÖØÒªÓÃÓÚÔËÐÐJava ServletºÍJavaServer Pages( Apache Tomcat <= 11.0.10

10.1.0-M1 <= Apache Tomcat <= 10.1.44
9.0.0.M11 <= Apache Tomcat <= 9.0.108


Èý¡¢°²È«´ëÊ©


3.1 Éý¼¶°æ±¾


apache¹Ù·½ÒÑ°ä²¼½¨¸´²¹¶¡£¬ÒÔ½¨¸´¸Ã·ì϶¡£
Apache Tomcat >= 11.0.11
Apache Tomcat >= 10.1.45
Apache Tomcat >= 9.0.109


ÏÂÔØÁ´½Ó£ºhttps://tomcat.apache.org/


3.2 һʱ´ëÊ©


ÔÝÎÞ¡£


3.3 ͨÓý¨Òé


? ¶¨ÆÚ¸üÐÂϵͳ²¹¶¡£¬Ï÷¼õϵͳ·ì϶£¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£
¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÔ죬Åú¸Ä·À»ðǽսÊõ£¬¹Ø¹Ø·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ£¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Â¶³öµ½¹«Íø£¬Ï÷¼õ¹¥»÷Ãæ¡£
ʹÓÃÆóÒµ¼¶°²È«²úÆ·£¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£
¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬ÆôÓöà³É·ÖÈÏÖ¤»úÔìºÍ×îÓ×ȨÏÞ×¼Ôò£¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏ޶ȡ£
ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£


3.4 ²Î¿¼Á´½Ó


https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog/