Apache Struts has a Denial of Service vulnerability

GHSA-rg58-xhh7-mqjw · CVE-2025-66675

Published Dec 10, 2025 · Modified Dec 10, 2025

Description

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.

This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.

Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

Ready to move

Free, no credit card | First findings in minutes