CVE-2025-64775

CWE-4596 documents6 sources
Severity
7.5HIGH
EPSS
0.2%
top 58.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache StrutsApache Software Foundation Apache Struts
Timeline
PublishedDec 1

Description

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDapache/struts2.0.06.8.0+1
Mavenorg.apache.struts:struts2-core6.0.06.8.0+3
CVEListV5apache_software_foundation/apache_struts2.0.06.7.0+3

🔴Vulnerability Details

3
OSV
Apache Struts is Vulnerable to DoS via File Leak2025-12-01
GHSA
Apache Struts is Vulnerable to DoS via File Leak2025-12-01
CVEList
Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS)2025-12-01

📋Vendor Advisories

1
Red Hat
org.apache.struts/struts2-core: Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS)2025-12-01

🕵️Threat Intelligence

1
Wiz
CVE-2025-66675 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-64775 (HIGH CVSS 7.5) | Denial of Service vulnerability in | cvebase.io