CVE-2025-68493
Severity: HIGH
WAF coverage: High
CVSS 8.1
Published: 2026-01-11
CWE-611
Missing XML Validation vulnerability in Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| apache | struts | 2.0.0 - 2.3.37 |
| apache | struts | 2.5.0 - 2.5.33 |
| apache | struts | 6.0.0 - 6.1.1 |
References
- cwiki.apache.org (Mailing List, Vendor Advisory)
- www.openwall.com (Mailing List, Third Party Advisory)