CVE-2025-68493

Summary

Missing XML Validation vulnerability in Apache Struts, Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.

Users are recommended to upgrade to version 6.1.1, which fixes the issue.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Struts2.0.0 < 2.2.1affected
Apache Software FoundationApache Struts2.2.1 <= 6.1.0affected

Weaknesses

  • CWE-611: CWE-611 Improper Restriction of XML External Entity Reference

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

org.apache.struts: Apache Struts: Information disclosure and denial of service via missing XML validation

Additional References

References