Severity: important Affected versions:
- Apache Struts (org.apache.struts:struts2-core) 2.0.0 through 6.7.0 - Apache Struts (org.apache.struts:struts2-core) 7.0.0 through 7.0.3 Description: Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue. Credit: Nicolas Fournier (reporter) References: https://cwiki.apache.org/confluence/display/WW/S2-068 https://struts.apache.org/ https://www.cve.org/CVERecord?id=CVE-2025-64775 On behalf of the Apache Struts project Łukasz Lenart --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
