GHSA-rg58-xhh7-mqjw

Опубликовано: 10 дек. 2025

Источник: github

Github: Прошло ревью

CVSS3: 8.2

Описание

Apache Struts has a Denial of Service vulnerability

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.

This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.

Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

Ссылки

Пакеты

Наименование

org.apache.struts:struts2-core

maven

Затронутые версииВерсия исправления

>= 2.0.0, < 6.8.0

6.8.0

Наименование

org.apache.struts:struts2-core

maven

Затронутые версииВерсия исправления

>= 7.0.0, < 7.1.1

7.1.1

EPSS

Процентиль: 31%

0.00118

Низкий

8.2 High

CVSS3

CVE ID

CVE-2025-66675

Дефекты

CWE-459

Связанные уязвимости

CVE-2025-66675

CVSS3: 8.2

nvd

2 месяца назад

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue. It's related to https://cve.org/CVERecord?id=CVE-2025-64775 - this CVE addresses missing affected version 6.7.4

CVE-2025-66675

CVSS3: 8.2

debian

2 месяца назад

Denial of Service vulnerability in Apache Struts, file leak in multipa ...

EPSS

Процентиль: 31%

0.00118

Низкий

8.2 High

CVSS3

CVE ID

CVE-2025-66675

Дефекты

CWE-459