Apache Tomcat CVEs 2025-55752 & 55754 – Directory Traversal and Log Exposure Risks
Category: Vulnerabilities / Server
Two newly disclosed vulnerabilities, CVE-2025-55752 and CVE-2025-55754, affect Apache Tomcat servers. These flaws could allow unauthorized directory traversal and sensitive log exposure under specific configurations. Administrators are urged to patch immediately to prevent information disclosure or remote manipulation.
CORTEX Protocol Intelligence Assessment
Business Impact: Exposure of application logs may lead to data leakage of credentials or session tokens. Unpatched web servers risk exploitation through crafted URL requests.
Technical Context: Directory traversal flaws affect request normalization routines in Tomcat's core servlet engine.
Strategic Intelligence Guidance
- Upgrade to the latest Tomcat patch release.
- Restrict access to application log directories.
- Review HTTP request normalization configurations.
- Implement reverse proxy sanitization of input paths.
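One way to apply the path-sanitization and normalization-review items above, as an added example that is not code from the advisory or from the Tomcat project: a decode-then-normalize check that can back a proxy-side filter or be run over access logs. The blocked segment names, the decode limit and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed policy: WEB-INF and META-INF are the servlet-spec protected
# directories; "logs" is a hypothetical location for application logs.
BLOCKED_SEGMENTS = {"web-inf", "meta-inf", "logs"}
MAX_DECODE_ROUNDS = 3
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def check_request_path(raw_target):
    """Return (allowed, detail) for the path part of an HTTP request target."""
    path = raw_target.split("?", 1)[0]
    # Decode before normalizing, repeatedly, so encoded dots and slashes are
    # judged in the form a later decoding step would produce.
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        if unquote(path) != path:
            return False, "nested encoding"
    if "\x00" in path or "\\" in path:
        return False, "illegal character"
    # Drop path parameters (";name=value"), then empty and "." segments.
    segments = [s.split(";", 1)[0] for s in path.split("/")]
    segments = [s for s in segments if s not in ("", ".")]
    if ".." in segments:
        return False, "dot-dot segment"  # reject instead of resolving
    if any(s.lower() in BLOCKED_SEGMENTS for s in segments):
        return False, "protected directory"
    return True, "/" + "/".join(segments)

# Constructed access-log lines (documentation IP range), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [30/Oct/2025:10:00:01 +0000] "GET /app/index.jsp?x=1 HTTP/1.1" 200 512
198.51.100.7 - - [30/Oct/2025:10:00:02 +0000] "GET /app/%2e%2e/other/file.txt HTTP/1.1" 404 0
198.51.100.7 - - [30/Oct/2025:10:00:03 +0000] "GET /app/./WEB-INF/web.xml HTTP/1.1" 404 0
198.51.100.7 - - [30/Oct/2025:10:00:04 +0000] "GET /app/static;v=2/site.css HTTP/1.1" 200 90
"""

def flag_lines(log_text):
    """Return [(request_target, reason)] for each request the policy rejects."""
    flagged = []
    for match in REQUEST_RE.finditer(log_text):
        allowed, detail = check_request_path(match.group(1))
        if not allowed:
            flagged.append((match.group(1), detail))
    return flagged
```

The check rejects a suspicious path instead of rewriting it, so the proxy and the backend never disagree about what a repaired path means.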
Intelligence Source: CVE-2025-55752 and CVE-2025-55754: Apache Tomcat Vulnerabilities Exposed | Oct 30, 2025