CVE-2025-68493

HIGH8.1EPSS 0.03%

Apache Struts 2 is Missing XML Validation

發布日:2026/1/11修改日:2026/2/3

描述

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.

受影響套件(3)

Maven/com.opensymphony:xwork>= 2.0.0
Maven/org.apache.struts:struts2-core>= 2.0.0, <= 2.3.37
Maven/org.apache.struts.xwork:xwork-core>= 2.2.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-68493
PATCHhttps://github.com/apache/struts
WEBhttps://cwiki.apache.org/confluence/display/WW/S2-069
WEBhttp://www.openwall.com/lists/oss-security/2026/01/11/2