HIGH🇵🇱 Wersja polska

CVE-2025-66675

CVSS 8.2v3.1pub. 2025-12-10upd. 2025-12-16

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue. It's related to  https://cve.org/CVERecord?id=CVE-2025-64775  - this CVE addresses missing affected version 6.7.4

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
  • Apache Struts

    APP
    Apache
    2.0.0 – 2.3.372.5.0 – 2.5.336.0.0 – 6.8.0 (bez)7.0.0 – 7.1.1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2020-17530CRITICAL9.8⚠ KEVten sam produkt

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution....

CVE-2017-9791CRITICAL9.8⚠ KEVten sam produkt

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field v...

CVE-2017-5638CRITICAL9.8⚠ KEVten sam produkt

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect ex...

CVE-2013-2251CRITICAL9.8⚠ KEVten sam produkt

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a paramet...

CVE-2012-0391CRITICAL9.8⚠ KEVten sam produkt

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressio...