PT-2025-50317 · Apache · Apache Struts

Nicolas Fournier · Published 2025-12-10 · Updated 2026-01-17 · CVE-2025-66675

CVSS v3.1: 8.2 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Apache Struts versions 2.0.0 through 6.7.4
Apache Struts versions 7.0.0 through 7.0.3

Description

A denial of service issue exists in Apache Struts due to a file leak during multipart request processing, which can lead to disk exhaustion.

Recommendations

Upgrade to Apache Struts version 6.8.0.
Upgrade to Apache Struts version 7.1.1.

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2025-66675
GHSA-RG58-XHH7-MQJW

Affected Products

Apache Struts