Severity: important Affected versions: - Apache Struts (org.apache.struts:struts2-core) 2.0.0 through 6.7.* - Apache Struts (org.apache.struts:struts2-core) 7.0.0 through 7.0.*
Description: Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue. It's related to https://cve.org/CVERecord?id=CVE-2025-64775 - this CVE addresses missing affected version 6.7.4 Credit: Nicolas Fournier (reporter) References: https://cwiki.apache.org/confluence/display/WW/S2-068 https://cve.org/CVERecord?id=CVE-2025-64775 https://cve.org/CVERecord?id=CVE-2025-66675 https://struts.apache.org/ Kind regards Ćukasz --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
