CVE-2025-55754
Apache Tomcat: console manipulation via escape sequences in log messagesImproper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.
We have discovered 3,461 live websites that are affected by CVE-2025-55754.
Affected Software
| Product |  Apache Tomcat |
| Category | Web Servers |
| Vulnerable Domains | 3,461 live websites (37% of Apache Tomcat install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 94 versions ( 25% of all versions) |
Common Weakness Enumeration
CWE-150 Improper Neutralization of Escape, Meta, or Control SequencesDetails
- Published - Oct 27, 2025
- Updated - Nov 4, 2025
Credits
- Elysee Franchuk of MOBIA Technology Innovations (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-55754 United States | 1,319 websites |
 China | 536 websites |
 Germany | 219 websites |
 Italy | 108 websites |
 France | 96 websites |
 GB | 91 websites |
 Hong Kong | 86 websites |
 India | 80 websites |
 Brazil | 77 websites |
Website Distribution by TLD
Number of websites using CVE-2025-55754| .com | 1,357 websites |
| .edu | 193 websites |
| .net | 179 websites |
| .de | 164 websites |
| .cn | 135 websites |
| .org | 113 websites |
| .com.br | 94 websites |
| .it | 87 websites |
| .com.cn | 58 websites |
| .fr | 40 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-55754
Top websites that are affected by CVE-2025-55754. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.***.edu | United States | *** | |
| **.***.*****.*****.***.com | United States | **,*** | |
| *****.********.com | United States | **,*** | |
| ****.***.hk | Hong Kong | **,*** | |
| ******.com | China | **,*** | |
| *****.*******.com | United States | **,*** | |
| ********.*********.com | United States | **,*** | |
| *********.com | United States | ***,*** | |
| *******.*********.com | United States | ***,*** | |
| ***.*********.com | GB | ***,*** |
FAQ
CVE-2025-55754 is Improper Neutralization of Escape, Meta, or Control Sequences in Apache Tomcat
A total of 3,461 websites have been identified as vulnerable to CVE-2025-55754, based on global website indexing conducted by WebTechSurvey.
The Apache Tomcat is affected by the CVE-2025-55754 vulnerability.
Apache Tomcat versions up to and including 9.0.108 are vulnerable to CVE-2025-55754.