[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-55754":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":35,"aliases":36,"duplicate_of":9,"upstream":39,"downstream":40,"duplicates":93,"related":94,"reserved_at":9,"published_at":122,"modified_at":123,"state":124,"summary":125,"references_raw":134,"kevs":187,"epss":188,"epss_history":191,"metrics":462,"affected":475},"CVE-2025-55754","Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat.\n\nTomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems.\n\n\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108.\n\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected.\nUsers are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-150","Improper Neutralization of Escape, Meta, or Control Sequences","The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.","weakness","Incomplete","Variant",[19,23,27,31],{"id":20,"name":21,"techniques":22},"CAPEC-134","Email Injection",[],{"id":24,"name":25,"techniques":26},"CAPEC-41","Using Meta-characters in E-mail Headers to Inject Malicious Payloads",[],{"id":28,"name":29,"techniques":30},"CAPEC-81","Web Server Logs Tampering",[],{"id":32,"name":33,"techniques":34},"CAPEC-93","Log Injection-Tampering-Forging",[],[],[37,38],"GHSA-vfww-5hm6-hx2j","BIT-tomcat-2025-55754",[],[41,43,45,47,49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91],{"_key":42},"SUSE-SU-2025:4086-1",{"_key":44},"SUSE-SU-2025:4184-1",{"_key":46},"DLA-4468-1",{"_key":48},"SUSE-SU-2025:4159-1",{"_key":50},"DSA-6120-1",{"_key":52},"DSA-6121-1",{"_key":54},"SUSE-SU-2025:21152-1",{"_key":56},"SUSE-SU-2026:20084-1",{"_key":58},"SUSE-SU-2025:4103-1",{"_key":60},"OPENSUSE-SU-2025:15716-1",{"_key":62},"OPENSUSE-SU-2025:15717-1",{"_key":64},"OPENSUSE-SU-2025:15718-1",{"_key":66},"OPENSUSE-SU-2025:20106-1",{"_key":68},"OPENSUSE-SU-2026:20034-1",{"_key":70},"SUSE-SU-2026:1058-1",{"_key":72},"OPENSUSE-SU-2026:20444-1",{"_key":74},"SUSE-SU-2026:20982-1",{"_key":76},"MGASA-2025-0250",{"_key":78},"DEBIAN-CVE-2025-55754",{"_key":80},"RHSA-2026:6569",{"_key":82},"RHSA-2026:8334",{"_key":84},"RHSA-2026:18536",{"_key":86},"RHSA-2026:18537",{"_key":88},"RHSA-2026:18916",{"_key":90},"RHSA-2026:2740",{"_key":92},"UBUNTU-CVE-2025-55754",[],[95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,112,114,116,118,120],{"_key":42},{"_key":44},{"_key":48},{"_key":54},{"_key":56},{"_key":58},{"_key":60},{"_key":62},{"_key":64},{"_key":66},{"_key":68},{"_key":70},{"_key":72},{"_key":74},{"_key":76},{"_key":111},"CGA-C2WR-WCRX-X9FJ",{"_key":113},"CGA-Q8W7-95WV-GF7C",{"_key":115},"CGA-86PW-75P3-RGC3",{"_key":117},"CGA-8F6V-724M-6V95",{"_key":119},"CGA-MFFP-G3XG-8R68",{"_key":121},"CGA-WWPH-FXQ5-RJ2M","2025-10-27T17:29:50.756Z","2026-05-12T12:08:28.428Z","Modified",{"cisa_kev":126,"cisa_ransomware":126,"cisa_vendor":9,"epss_severity":127,"epss_score":128,"severity":129,"severity_score":130,"severity_version":131,"severity_source":132,"severity_vector":133,"severity_status":124},false,"low",0.00135,"critical",9.6,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",[135,144,149,154,158,162,166,171,175,179,183],{"url":136,"sources":137,"tags":140},"https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd",[132,138,139],"nvd","osv_maven",[141,142,143],"Vendor Advisory","Mailing List","WEB",{"url":145,"sources":146,"tags":147},"http://www.openwall.com/lists/oss-security/2025/10/27/5",[132,138,139],[142,148,143],"Third Party Advisory",{"url":150,"sources":151,"tags":152},"https://nvd.nist.gov/vuln/detail/CVE-2025-55754",[139],[153],"Advisory",{"url":155,"sources":156,"tags":157},"https://github.com/apache/tomcat/commit/138d7f5cfaae683078948303333c080e6faa75d2",[139],[143],{"url":159,"sources":160,"tags":161},"https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb",[139],[143],{"url":163,"sources":164,"tags":165},"https://github.com/apache/tomcat/commit/a03cabf3a36a42d27d8d997ed31f034f50ba6cd5",[139],[143],{"url":167,"sources":168,"tags":169},"https://github.com/apache/tomcat",[139],[170],"PACKAGE",{"url":172,"sources":173,"tags":174},"https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.45",[139],[143],{"url":176,"sources":177,"tags":178},"https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.11",[139],[143],{"url":180,"sources":181,"tags":182},"https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.109",[139],[143],{"url":184,"sources":185,"tags":186},"https://cert-portal.siemens.com/productcert/html/ssa-032379.html",[132,138,139],[143],[],{"date":189,"score":128,"percentile":190},"2026-06-04",0.33079,[192,196,199,202,205,208,211,214,217,219,222,225,229,232,235,238,241,244,247,250,252,255,258,261,264,268,271,274,277,280,283,286,289,292,295,298,302,305,308,311,314,317,320,323,326,330,333,336,339,342,345,348,351,354,356,359,362,365,368,372,376,379,381,384,387,390,393,396,399,401,404,407,409,412,415,418,421,424,427,430,433,435,438,441,444,447,450,453,456,459],{"date":193,"score":194,"percentile":195},"2025-11-04",0.00042,0.12517,{"date":197,"score":194,"percentile":198},"2025-11-05",0.12544,{"date":200,"score":194,"percentile":201},"2025-11-06",0.12641,{"date":203,"score":194,"percentile":204},"2025-11-07",0.12651,{"date":206,"score":194,"percentile":207},"2025-11-08",0.12658,{"date":209,"score":194,"percentile":210},"2025-11-09",0.12638,{"date":212,"score":194,"percentile":213},"2025-11-10",0.12599,{"date":215,"score":194,"percentile":216},"2025-11-11",0.12614,{"date":218,"score":194,"percentile":213},"2025-11-12",{"date":220,"score":194,"percentile":221},"2025-11-13",0.12618,{"date":223,"score":194,"percentile":224},"2025-11-14",0.12633,{"date":226,"score":227,"percentile":228},"2025-11-15",0.00056,0.17532,{"date":230,"score":227,"percentile":231},"2025-11-16",0.17497,{"date":233,"score":227,"percentile":234},"2025-11-17",0.17464,{"date":236,"score":227,"percentile":237},"2025-11-18",0.13112,{"date":239,"score":227,"percentile":240},"2025-11-19",0.1313,{"date":242,"score":227,"percentile":243},"2025-11-20",0.13147,{"date":245,"score":227,"percentile":246},"2025-11-21",0.17481,{"date":248,"score":227,"percentile":249},"2025-11-22",0.17495,{"date":251,"score":227,"percentile":234},"2025-11-23",{"date":253,"score":227,"percentile":254},"2025-11-24",0.17428,{"date":256,"score":227,"percentile":257},"2025-11-25",0.17418,{"date":259,"score":227,"percentile":260},"2025-11-26",0.17414,{"date":262,"score":227,"percentile":263},"2025-11-27",0.17419,{"date":265,"score":266,"percentile":267},"2025-11-28",0.00063,0.19377,{"date":269,"score":266,"percentile":270},"2025-11-29",0.19368,{"date":272,"score":266,"percentile":273},"2025-11-30",0.19373,{"date":275,"score":266,"percentile":276},"2025-12-01",0.19417,{"date":278,"score":266,"percentile":279},"2025-12-02",0.1944,{"date":281,"score":266,"percentile":282},"2025-12-03",0.19457,{"date":284,"score":266,"percentile":285},"2025-12-04",0.19418,{"date":287,"score":266,"percentile":288},"2025-12-05",0.19467,{"date":290,"score":266,"percentile":291},"2025-12-06",0.19471,{"date":293,"score":266,"percentile":294},"2025-12-07",0.19458,{"date":296,"score":266,"percentile":297},"2025-12-08",0.19479,{"date":299,"score":300,"percentile":301},"2025-12-09",0.00076,0.23081,{"date":303,"score":300,"percentile":304},"2025-12-10",0.23153,{"date":306,"score":300,"percentile":307},"2025-12-11",0.23187,{"date":309,"score":300,"percentile":310},"2025-12-12",0.23195,{"date":312,"score":300,"percentile":313},"2025-12-13",0.23199,{"date":315,"score":300,"percentile":316},"2025-12-14",0.23164,{"date":318,"score":300,"percentile":319},"2025-12-15",0.2314,{"date":321,"score":300,"percentile":322},"2025-12-16",0.23163,{"date":324,"score":300,"percentile":325},"2025-12-17",0.23241,{"date":327,"score":328,"percentile":329},"2025-12-18",0.0009,0.26109,{"date":331,"score":328,"percentile":332},"2025-12-19",0.26118,{"date":334,"score":328,"percentile":335},"2025-12-20",0.26084,{"date":337,"score":328,"percentile":338},"2025-12-21",0.26034,{"date":340,"score":328,"percentile":341},"2025-12-22",0.25999,{"date":343,"score":328,"percentile":344},"2025-12-23",0.25966,{"date":346,"score":328,"percentile":347},"2025-12-24",0.25981,{"date":349,"score":328,"percentile":350},"2025-12-25",0.26055,{"date":352,"score":328,"percentile":353},"2025-12-26",0.26045,{"date":355,"score":328,"percentile":338},"2025-12-27",{"date":357,"score":328,"percentile":358},"2025-12-28",0.25919,{"date":360,"score":328,"percentile":361},"2025-12-29",0.2589,{"date":363,"score":328,"percentile":364},"2025-12-30",0.25889,{"date":366,"score":328,"percentile":367},"2025-12-31",0.25948,{"date":369,"score":370,"percentile":371},"2026-01-01",0.00074,0.22709,{"date":373,"score":374,"percentile":375},"2026-01-02",0.00054,0.17331,{"date":377,"score":266,"percentile":378},"2026-01-03",0.19853,{"date":380,"score":300,"percentile":319},"2026-01-04",{"date":382,"score":300,"percentile":383},"2026-01-05",0.23126,{"date":385,"score":300,"percentile":386},"2026-01-06",0.23138,{"date":388,"score":300,"percentile":389},"2026-01-07",0.23174,{"date":391,"score":300,"percentile":392},"2026-01-08",0.23222,{"date":394,"score":300,"percentile":395},"2026-01-09",0.23208,{"date":397,"score":300,"percentile":398},"2026-01-10",0.23192,{"date":400,"score":300,"percentile":322},"2026-01-11",{"date":402,"score":300,"percentile":403},"2026-01-12",0.23129,{"date":405,"score":300,"percentile":406},"2026-01-13",0.23105,{"date":408,"score":300,"percentile":316},"2026-01-14",{"date":410,"score":300,"percentile":411},"2026-01-15",0.23157,{"date":413,"score":300,"percentile":414},"2026-01-16",0.23189,{"date":416,"score":300,"percentile":417},"2026-01-17",0.23186,{"date":419,"score":300,"percentile":420},"2026-01-18",0.23131,{"date":422,"score":300,"percentile":423},"2026-01-19",0.23087,{"date":425,"score":300,"percentile":426},"2026-01-20",0.23056,{"date":428,"score":300,"percentile":429},"2026-01-21",0.23012,{"date":431,"score":300,"percentile":432},"2026-01-22",0.22994,{"date":434,"score":300,"percentile":301},"2026-01-23",{"date":436,"score":300,"percentile":437},"2026-01-24",0.23099,{"date":439,"score":300,"percentile":440},"2026-01-25",0.23014,{"date":442,"score":300,"percentile":443},"2026-01-26",0.2291,{"date":445,"score":300,"percentile":446},"2026-01-27",0.22899,{"date":448,"score":300,"percentile":449},"2026-01-28",0.229,{"date":451,"score":300,"percentile":452},"2026-01-29",0.22854,{"date":454,"score":300,"percentile":455},"2026-01-30",0.22851,{"date":457,"score":300,"percentile":458},"2026-01-31",0.22852,{"date":460,"score":266,"percentile":461},"2026-02-01",0.19608,[463,468,470],{"source":132,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":464,"cvss_v4_0":9},{"baseScore":130,"baseSeverity":465,"vectorString":133,"impactScore":466,"exploitabilityScore":467},"CRITICAL",10,7.2,{"source":138,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":469,"cvss_v4_0":9},{"baseScore":130,"baseSeverity":465,"vectorString":133,"impactScore":466,"exploitabilityScore":467},{"source":139,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":471,"cvss_v4_0":472},{"baseScore":130,"baseSeverity":9,"vectorString":133,"impactScore":466,"exploitabilityScore":467},{"baseScore":473,"baseSeverity":9,"vectorString":474,"impactScore":9,"exploitabilityScore":9},2.1,"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",[476,500,522,538,546],{"ecosystem":9,"name":477,"vendor":478,"product":479,"cpe_part":480,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":481},"Apache Tomcat","apache software foundation","apache tomcat","a",[482,488,492,496],{"version":483,"is_range":484,"range_type":132,"version_start":485,"version_start_type":486,"version_end":487,"version_end_type":486,"fixed_in":9},">= 11.0.0-M1, \u003C= 11.0.10",true,"11.0.0-M1","including","11.0.10",{"version":489,"is_range":484,"range_type":132,"version_start":490,"version_start_type":486,"version_end":491,"version_end_type":486,"fixed_in":9},">= 10.1.0-M1, \u003C= 10.1.44","10.1.0-M1","10.1.44",{"version":493,"is_range":484,"range_type":132,"version_start":494,"version_start_type":486,"version_end":495,"version_end_type":486,"fixed_in":9},">= 9.0.40, \u003C= 9.0.108","9.0.40","9.0.108",{"version":497,"is_range":484,"range_type":132,"version_start":498,"version_start_type":486,"version_end":499,"version_end_type":486,"fixed_in":9},">= 8.5.60, \u003C= 8.5.100","8.5.60","8.5.100",{"ecosystem":9,"name":501,"vendor":9,"product":501,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":502},"Tomcat",[503,506,510,514,518],{"version":504,"is_range":484,"range_type":505,"version_start":498,"version_start_type":486,"version_end":499,"version_end_type":486,"fixed_in":9},"gte8.5.60_lte8.5.100","cpe",{"version":507,"is_range":484,"range_type":505,"version_start":494,"version_start_type":486,"version_end":508,"version_end_type":509,"fixed_in":9},"gte9.0.40_lt9.0.109","9.0.109","excluding",{"version":511,"is_range":484,"range_type":505,"version_start":512,"version_start_type":486,"version_end":513,"version_end_type":509,"fixed_in":9},"gte10.0.0_lt10.0.27","10.0.0","10.0.27",{"version":515,"is_range":484,"range_type":505,"version_start":516,"version_start_type":486,"version_end":517,"version_end_type":509,"fixed_in":9},"gte10.1.0_lt10.1.45","10.1.0","10.1.45",{"version":519,"is_range":484,"range_type":505,"version_start":520,"version_start_type":486,"version_end":521,"version_end_type":509,"fixed_in":9},"gte11.0.0_lt11.0.11","11.0.0","11.0.11",{"ecosystem":523,"name":524,"vendor":525,"product":526,"cpe_part":9,"purl_type":527,"purl_namespace":525,"purl_name":526,"source":9,"versions":528},"Maven","org.apache.tomcat:tomcat","org.apache.tomcat","tomcat","maven",[529,532,534,536],{"version":530,"is_range":484,"range_type":531,"version_start":485,"version_start_type":486,"version_end":521,"version_end_type":509,"fixed_in":9},"gte11_0_0_M1_lt11_0_11","ecosystem",{"version":533,"is_range":484,"range_type":531,"version_start":490,"version_start_type":486,"version_end":517,"version_end_type":509,"fixed_in":9},"gte10_1_0_M1_lt10_1_45",{"version":535,"is_range":484,"range_type":531,"version_start":494,"version_start_type":486,"version_end":508,"version_end_type":509,"fixed_in":9},"gte9_0_40_lt9_0_109",{"version":537,"is_range":484,"range_type":531,"version_start":498,"version_start_type":486,"version_end":499,"version_end_type":486,"fixed_in":9},"gte8_5_60_lte8_5_100",{"ecosystem":523,"name":539,"vendor":525,"product":540,"cpe_part":9,"purl_type":527,"purl_namespace":525,"purl_name":540,"source":9,"versions":541},"org.apache.tomcat:tomcat-catalina","tomcat-catalina",[542,543,544,545],{"version":530,"is_range":484,"range_type":531,"version_start":485,"version_start_type":486,"version_end":521,"version_end_type":509,"fixed_in":9},{"version":533,"is_range":484,"range_type":531,"version_start":490,"version_start_type":486,"version_end":517,"version_end_type":509,"fixed_in":9},{"version":535,"is_range":484,"range_type":531,"version_start":494,"version_start_type":486,"version_end":508,"version_end_type":509,"fixed_in":9},{"version":537,"is_range":484,"range_type":531,"version_start":498,"version_start_type":486,"version_end":499,"version_end_type":486,"fixed_in":9},{"ecosystem":523,"name":547,"vendor":548,"product":549,"cpe_part":9,"purl_type":527,"purl_namespace":548,"purl_name":549,"source":9,"versions":550},"org.apache.tomcat.embed:tomcat-embed-core","org.apache.tomcat.embed","tomcat-embed-core",[551,552,553,554],{"version":530,"is_range":484,"range_type":531,"version_start":485,"version_start_type":486,"version_end":521,"version_end_type":509,"fixed_in":9},{"version":533,"is_range":484,"range_type":531,"version_start":490,"version_start_type":486,"version_end":517,"version_end_type":509,"fixed_in":9},{"version":535,"is_range":484,"range_type":531,"version_start":494,"version_start_type":486,"version_end":508,"version_end_type":509,"fixed_in":9},{"version":537,"is_range":484,"range_type":531,"version_start":498,"version_start_type":486,"version_end":499,"version_end_type":486,"fixed_in":9}]