High severity · OSV Advisory · Published Dec 10, 2025 · Updated Dec 10, 2025
Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS) - version ranges fixed
CVE-2025-66675
Description
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.
This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.
Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.
It is related to https://cve.org/CVERecord?id=CVE-2025-64775; this CVE addresses the missing affected version 6.7.4.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.struts:struts2-core (Maven) | >= 2.0.0, < 6.8.0 | 6.8.0 |
| org.apache.struts:struts2-core (Maven) | >= 7.0.0, < 7.1.1 | 7.1.1 |
References
- cwiki.apache.org/confluence/display/WW/S2-068 (ghsa, vendor-advisory, WEB)
- github.com/advisories/GHSA-rg58-xhh7-mqjw (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-66675 (ghsa, ADVISORY)
- cve.org/CVERecord (ghsa, related, WEB)
- github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468 (ghsa, WEB)