CVE-2025-64775
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-01
Last updated on: 2025-12-03
Assigner: Apache Software Foundation
Description
Description
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.
This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3.
Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | struts | From 2.0.0 (inc) to 6.8.0 (inc) |
| apache | struts | From 7.0.0 (inc) to 7.1.1 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-459 | The product does not properly "clean up" and remove temporary or supporting resources after they have been used. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Denial of Service (DoS) issue in Apache Struts where a file leak occurs during multipart request processing, which leads to disk exhaustion.
How can this vulnerability impact me? :
The vulnerability can cause denial of service by exhausting disk space, potentially making the affected Apache Struts server unavailable or unstable.
What immediate steps should I take to mitigate this vulnerability?
Users are recommended to upgrade Apache Struts to version 6.8.0 or 7.1.1, which fixes the issue.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70