CVE-2025-66675

State: PUBLISHED · Published: 2025-12-10 · Updated: 2025-12-10 · Assigner: apache

Description

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue. It's related to https://cve.org/CVERecord?id=CVE-2025-64775 - this CVE addresses missing affected version 6.7.4

CWE

CWE-459 — CWE-459 Incomplete Cleanup

Affected

Apache Software Foundation / Apache Struts — v=2.0.0 ≤6.7.* [affected]; v=7.0.0 ≤7.0.* [affected]

CVSS

(none)

References

https://cwiki.apache.org/confluence/display/WW/S2-068 vendor-advisory
https://cve.org/CVERecord?id=CVE-2025-64775 related

Source

cvelistV5-main/cves/2025/66xxx/CVE-2025-66675.json