¡¾·ì϶¹«¸æ¡¿Apache Tomcat Ŀ¼±éÀú·ì϶(CVE-2025-55752)

°ä²¼¹¦·ò 2025-10-28

Ò»¡¢¡¢ ¡¢·ì϶¸ÅÊö


·ì϶Ãû³Æ

Apache Tomcat Ŀ¼±éÀú·ì϶

CVE   ID

CVE-2025-55752

·ì϶ÀàÐÍ

Ŀ¼±éÀú

·¢ÏÖ¹¦·ò

2025-10-28

·ì϶ÆÀ·Ö

7.5

·ì϶µÈ¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

µÍ

ÀûÓÃÄѶÈ

¸ß

Óû§½»»¥

²»±ØÒª

PoC/EXP

δ¹«¿ª

ÔÚÒ°ÀûÓÃ

δ·¢ÏÖ


Apache TomcatÊÇÒ»¸ö¿ªÔ´µÄÀûÓ÷þÎñÆ÷£¬£¬£¬ÖØÒªÓÃÓÚÔËÐÐJava ServletºÍJavaServer Pages( Apache Tomcat <= 11.0.10

10.1.0-M1 <= Apache Tomcat <= 10.1.44
9.0.0.M11 <= Apache Tomcat <= 9.0.108


Èý¡¢¡¢ ¡¢°²È«´ëÊ©


3.1 Éý¼¶°æ±¾


apache¹Ù·½ÒÑ°ä²¼ÐÞ¸´²¹¶¡£¡£¡£¬£¬£¬ÒÔÐÞ¸´¸Ã·ì϶¡£¡£¡£
Apache Tomcat >= 11.0.11
Apache Tomcat >= 10.1.45
Apache Tomcat >= 9.0.109


ÏÂÔØÁ´½Ó£º£ºhttps://tomcat.apache.org/


3.2 һʱ´ëÊ©


ÔÝÎÞ¡£¡£¡£


3.3 ͨÓý¨Òé


? ¶¨ÆÚ¸üÐÂϵͳ²¹¶¡£¡£¡£¬£¬£¬Ï÷¼õϵͳ·ì϶£¬£¬£¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£¡£¡£
¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÖÆ£¬£¬£¬Åú¸Ä·À»ðǽսÊõ£¬£¬£¬¹Ø±Õ·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ£¬£¬£¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢¡¢ ¡¢RDPµÈ£©Â¶³öµ½¹«Íø£¬£¬£¬Ï÷¼õ¹¥»÷Ãæ¡£¡£¡£
ʹÓÃÆóÒµ¼¶°²È«²úÆ·£¬£¬£¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£¡£¡£
¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬£¬£¬ÆôÓöà³É·ÖÈÏÖ¤»úÖƺÍ×îСȨÏÞ×¼Ôò£¬£¬£¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏ޶ȡ£¡£¡£
ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£¡£¡£


3.4 ²Î¿¼Á´½Ó


https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog/