VYPR
High severity · OSV Advisory · Published Jan 11, 2026 · Updated Mar 11, 2026

Apache Struts, Apache Struts: XXE vulnerability in outdated XWork component

CVE-2025-68493

Description

Missing XML Validation vulnerability in Apache Struts, Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.

Users are recommended to upgrade to version 6.1.1, which fixes the issue.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| org.apache.struts:struts2-core (Maven) | >= 2.0.0, <= 2.3.37 | |
| org.apache.struts:struts2-core (Maven) | >= 2.5.0, <= 2.5.33 | |
| org.apache.struts:struts2-core (Maven) | >= 6.0.0, < 6.1.1 | 6.1.1 |
| com.opensymphony:xwork (Maven) | >= 2.0.0 | |
| org.apache.struts.xwork:xwork-core (Maven) | >= 2.2.1 | |
