Apache Tomcat October Vulnerability Security Update Advisory
Overview
Apache Tomcat (https://tomcat.apache.org/) has released a security update that addresses vulnerabilities in its products. Users of affected products are advised to update to the latest version.
Affected Products
Apache Tomcat 9.0.40 – 9.0.108
Apache Tomcat 9.0.0.M11 – 9.0.108
Apache Tomcat 9.0.0.M1 – 9.0.109
Apache Tomcat 11.0.0-M1 – 11.0.11
Apache Tomcat 11.0.0-M1 – 11.0.10
Apache Tomcat 10.1.0-M1 – 10.1.46
Apache Tomcat 10.1.0-M1 – 10.1.44
Resolved Vulnerabilities
Remote code execution vulnerability in Apache Tomcat (CVE-2025-55752, CVSS 7.5)
Denial of service attack vulnerability in Apache Tomcat (CVE-2025-61795, CVSS 5.3)
Console manipulation vulnerability in Apache Tomcat via escape sequences in log messages caused by crafted URLs (CVE-2025-55754)
Vulnerability Patches
Follow the security advisory published on October 27, 2025 and update to the applicable fixed version or the latest version.
Apache Tomcat 9.1.109
Apache Tomcat 9.0.110
Apache Tomcat 11.0.12
Apache Tomcat 11.0.11
Apache Tomcat 10.1.47
Apache Tomcat 10.1.45
Referenced Sites
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55752
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55754
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61795