CVE-2025-68493

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-68493
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68493.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-68493
Aliases
Published
2026-01-11T13:15:45.610Z
Modified
2026-01-18T03:45:27.414950Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator
Summary
[none]
Details

Missing XML Validation vulnerability in Apache Struts, Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.

Users are recommended to upgrade to version 6.1.1, which fixes the issue.

References

Affected packages

Git / github.com/apache/struts

Affected ranges

Type
GIT
Repo
https://github.com/apache/struts
Events
Introduced
68fb49c10e083dce829476778eec726fc90c8c38
Fixed
f5c0aa5f3ac7dce0c4e82092a8ff125c292f00f7

Affected versions

Other

STRUTS_6_0_0
STRUTS_6_0_1
STRUTS_6_0_2
STRUTS_6_0_3
STRUTS_6_1_0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68493.json"