PT-2026-1915 · Apache · Apache Struts

Published 2026-01-11 · Updated 2026-01-13 · CVE-2025-68493

CVSS v3.1: 8.1
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Apache Struts versions 2.0.0 through 6.1.0

Description

A missing XML validation issue exists in Apache Struts. This flaw, related to the XWork component, allows attackers to exploit external entity processing to read sensitive files, potentially trigger Server-Side Request Forgery (SSRF), or cause a denial-of-service. The issue affects Java web applications utilizing Apache Struts. Approximately 2.4 million instances are reportedly found online. The vulnerability allows attackers to access internal data and potentially compromise servers. The vulnerability is triggered through manipulation of the XML configuration parsing.

Recommendations

Upgrade to version 6.1.1 to resolve the issue.
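
To find deployments that still need this upgrade, the following added example (not part of the advisory and not Apache Struts project code) scans a directory tree, including the contents of WAR/EAR/JAR archives, for `struts2-core-<version>.jar` and flags versions inside the affected range. Using the jar file name as the indicator of the Struts release, the function names and the command-line usage are assumptions of this example.

```python
import re
import sys
import zipfile
from pathlib import Path

# From the advisory: 2.0.0 through 6.1.0 affected, 6.1.1 fixed.
AFFECTED_MIN = (2, 0, 0)
FIXED = (6, 1, 1)

# Assumption: the struts2-core-<version>.jar file name marks the Struts release.
JAR_RE = re.compile(r"(?:^|/)struts2-core-(\d+(?:\.\d+)*)[^/]*\.jar$")
ARCHIVES = {".war", ".ear", ".jar"}

def parse_version(text):
    """'2.5.33' -> (2, 5, 33), padded to at least three parts."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))

def is_affected(version):
    """True when the version lies in the advisory's range (below the fix)."""
    return AFFECTED_MIN <= parse_version(version) < FIXED

def match_names(names, origin):
    """Return (origin, entry, version, affected) for each Struts core jar."""
    hits = []
    for name in names:
        m = JAR_RE.search(name.replace("\\", "/"))
        if m:
            hits.append((origin, name, m.group(1), is_affected(m.group(1))))
    return hits

def scan_tree(root):
    """Check loose jars and one level of WAR/EAR/JAR contents under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        findings += match_names([path.as_posix()], str(path))
        if path.suffix.lower() in ARCHIVES:
            try:
                with zipfile.ZipFile(path) as zf:
                    findings += match_names(zf.namelist(), str(path))
            except zipfile.BadZipFile:
                continue  # unreadable archive: nothing to list
    return findings

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for origin, entry, version, bad in scan_tree(root):
        print(f"{'AFFECTED' if bad else 'ok':8} {version:10} {origin} :: {entry}")
```

Archives nested more than one level deep (for example a WAR inside an EAR) are not opened, so unpack those first or extend `scan_tree` before relying on a clean result.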

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2025-68493

Affected Products

Apache Struts