PT-2025-31399 · Apache · Apache Struts Extras
Ryan Murphy · Published 2025-07-30 · Updated 2025-08-06 · CVE-2025-54656
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Apache Struts Extras versions prior to 2
Description
This issue involves improper output neutralization for logs in Apache Struts Extras. When using LookupDispatchAction, untrusted input may be printed to logs without filtering. This can lead to log output where part of the message appears as a separate log line, potentially confusing log consumers. The project is retired and will not receive a fix for this issue.
Recommendations
Users are recommended to find an alternative or restrict access to the instance to trusted users.
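One way to neutralize untrusted values before they reach a logger, for code that replaces LookupDispatchAction or for other handlers that log request input. This is an added example, not code from Struts Extras or from this advisory; the class name, the length cap and the sample value are assumptions constructed for illustration.

```java
import java.util.logging.Logger;

public class LogNeutralizer {
    private static final Logger LOG = Logger.getLogger(LogNeutralizer.class.getName());
    private static final int MAX_LEN = 200; // assumed cap on a logged value

    // Returns a single-line, printable rendering of an untrusted value.
    static String neutralize(String untrusted) {
        if (untrusted == null) {
            return "(null)";
        }
        StringBuilder out = new StringBuilder();
        int limit = Math.min(untrusted.length(), MAX_LEN);
        for (int i = 0; i < limit; i++) {
            char c = untrusted.charAt(i);
            if (c == '\\') {
                // Escape the escape character so the output stays unambiguous.
                out.append("\\\\");
            } else if (Character.isISOControl(c) || c == 0x2028 || c == 0x2029) {
                // CR, LF, NEL and the Unicode line/paragraph separators all
                // render as line breaks in some log viewers; emit hex instead.
                out.append(String.format("\\u%04x", (int) c));
            } else {
                out.append(c);
            }
        }
        if (untrusted.length() > MAX_LEN) {
            out.append("...[truncated]");
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: a request value carrying an embedded CRLF.
        String value = "save\r\nINFO forged entry";
        System.out.println("raw:  " + value);             // splits into two lines
        System.out.println("safe: " + neutralize(value)); // stays on one line
        LOG.info("dispatch value=" + neutralize(value));
    }
}
```

Log consumers that parse one record per line can then treat every physical line as a genuine entry, since no logged value can introduce a line break of its own.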
Affected Products
Apache Struts Extras