VYPR
High severityNVD Advisory· Published Dec 1, 2025· Updated Dec 1, 2025

Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS)

CVE-2025-64775

Description

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.

This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3.

Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.struts:struts2-coreMaven
>= 6.0.0, < 6.8.06.8.0
org.apache.struts:struts2-coreMaven
>= 7.0.0, < 7.1.17.1.1
org.apache.struts:struts2-coreMaven
>= 2.0.0, <= 2.3.37
org.apache.struts:struts2-coreMaven
>= 2.5.0, <= 2.5.33

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.