← volver
CVE-2025-68493

Apache Struts, Apache Struts: XXE vulnerability in outdated XWork component

CVSS 8.1 HIGHEPSS 22.5%CWE-611
Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Productos afectados
Apache Software Foundation · Apache Struts

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://cwiki.apache.org/confluence/display/WW/S2-069http://www.openwall.com/lists/oss-security/2026/01/11/2