CVE-2025-64775

State: PUBLISHED · Published: 2025-12-01 · Updated: 2025-12-01 · Assigner: apache

Description

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

CWE

CWE-459 — CWE-459 Incomplete Cleanup

Affected

Apache Software Foundation / Apache Struts — v=2.0.0 ≤6.7.0 [affected]; v=7.0.0 ≤7.0.3 [affected]

CVSS

(none)

References

https://cwiki.apache.org/confluence/display/WW/S2-068 vendor-advisory

Source

cvelistV5-main/cves/2025/64xxx/CVE-2025-64775.json