Apache Struts is Vulnerable to DoS via File Leak

GHSA-xx7v-hqxh-cjr9 · CVE-2025-64775

Published Dec 1, 2025 · Modified Dec 3, 2025

Description

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.

This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3.

Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

Ready to move

Free, no credit card | First findings in minutes