¡¾·ì϶¹«¸æ¡¿Apache Tomcat Ŀ¼±éÀú·ì϶(CVE-2025-55752)

°ä²¼¹¦·ò 2025-10-28

Ò»¡¢·ì϶¸ÅÊö


·ìϼûû³Æ

Apache Tomcat Ŀ¼±éÀú·ì϶

CVE   ID

CVE-2025-55752

·ì϶ÀàÐÍ

Ŀ¼±éÀú

·¢ÏÖ¹¦·ò

2025-10-28

·ì϶ÆÀ·Ö

7.5

·ì϶µÈ¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

µÍ

ÀûÓÃÄѶÈ

¸ß

Óû§½»»¥

²»±ØÒª

PoC/EXP

δ¹«¿ª

ÔÚÒ°ÀûÓÃ

δ·¢ÏÖ


Apache TomcatÊÇÒ»¸ö¿ªÔ´µÄÀûÓ÷þÎñÆ÷£¬£¬£¬£¬£¬ £¬£¬ÖØÒªÓÃÓÚÔËÐÐJava ServletºÍJavaServer Pages( Apache Tomcat <= 11.0.10

10.1.0-M1 <= Apache Tomcat <= 10.1.44
9.0.0.M11 <= Apache Tomcat <= 9.0.108


Èý¡¢°²È«´ëÊ©


3.1 Éý¼¶°æ±¾


apache¹Ù·½ÒÑ°ä²¼½¨¸´²¹¶¡£¬£¬£¬£¬£¬ £¬£¬ÒÔ½¨¸´¸Ã·ì϶¡£¡£¡£¡£¡£¡£ ¡£¡£
Apache Tomcat >= 11.0.11
Apache Tomcat >= 10.1.45
Apache Tomcat >= 9.0.109


ÏÂÔØÁ´½Ó£ºhttps://tomcat.apache.org/


3.2 һʱ´ëÊ©


ÔÝÎÞ¡£¡£¡£¡£¡£¡£ ¡£¡£


3.3 ͨÓý¨Òé


? ¶¨ÆÚ¸üÐÂϵͳ²¹¶¡£¬£¬£¬£¬£¬ £¬£¬Ï÷¼õϵͳ·ì϶£¬£¬£¬£¬£¬ £¬£¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£¡£¡£¡£¡£¡£ ¡£¡£
¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÔ죬£¬£¬£¬£¬ £¬£¬Åú¸Ä·À»ðǽսÊõ£¬£¬£¬£¬£¬ £¬£¬¹Ø¹Ø·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ£¬£¬£¬£¬£¬ £¬£¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Â¶³öµ½¹«Íø£¬£¬£¬£¬£¬ £¬£¬Ï÷¼õ¹¥»÷Ãæ¡£¡£¡£¡£¡£¡£ ¡£¡£
ʹÓÃÆóÒµ¼¶°²È«²úÆ·£¬£¬£¬£¬£¬ £¬£¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£¡£¡£¡£¡£¡£ ¡£¡£
¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬£¬£¬£¬£¬ £¬£¬ÆôÓöà³É·ÖÈÏÖ¤»úÔìºÍ×îÓ×ȨÏÞ×¼Ôò£¬£¬£¬£¬£¬ £¬£¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏ޶ȡ£¡£¡£¡£¡£¡£ ¡£¡£
ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£¡£¡£¡£¡£¡£ ¡£¡£


3.4 ²Î¿¼Á´½Ó


https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog/