CVE-2025-68493
published 2026-01-11CVE-2025-68493: Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1…
high8.1CVSS 3.1
AVNACLPRNUIRSUCHINAH
Missing XML Validation vulnerability in Apache Struts, Apache Struts.
This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.
Users are recommended to upgrade to version 6.1.1, which fixes the issue.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | struts | 2.0.0 – 2.3.37 | — |
| apache | struts | 2.5.0 – 2.5.33 | — |
| apache | struts | >= 6.0.0 < 6.1.1 | 6.1.1 |
| apache_software_foundation | apache_struts | >= 2.0.0 < 2.2.1 | 2.2.1 |
| apache_software_foundation | apache_struts | 2.2.1 – 6.1.0 | — |