CVE-2025-68493

medium Apache
EPSS Score
23.1%
Exploitation probability in 30 days
Top 3% most likely to be exploited
Published: January 11, 2026 (180 days ago)
Last Modified: June 30, 2026
Vendor: Apache
Source: MITRE

Description

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.

CWE

CWE-611

Affected Products

Apache Software Foundation Apache Struts

References