S2-069

北京赛克艾威科技有限公司 2026-01-11


  • Vulnerability ID: CVE-2025-68493
  • Severity: High
  • Tags: Disclosure of Data, Denial of Service, Server Side Request Forgery
  • Published: Not available

Vulnerability Description

The XWork component does not properly validate XML when parsing XML configuration, which leaves it vulnerable to XML external entity (XXE) injection.

Remediation

Upgrade to Struts 6.1.1 or later.
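
To check a deployment against the minimum version above, the following added example (not part of the original advisory or of Apache Struts) lists every struts2-core jar under a directory, including jars packed inside WAR/EAR archives, and flags those below 6.1.1. The struts2-core-<version>.jar naming, the function names and the sample tree are assumptions made for illustration.

```python
import re
import tempfile
import zipfile
from pathlib import Path

MIN_FIXED = (6, 1, 1)  # minimum version named in the remediation above
# Assumption: jars follow the usual struts2-core-<version>[-qualifier].jar naming.
JAR_RE = re.compile(r"(?:^|/)struts2-core-(\d+(?:\.\d+)*)[^/]*\.jar$")

def jar_version(name):
    """Return the version tuple of a struts2-core jar name, or None."""
    m = JAR_RE.search(name)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad 6.1 -> 6.1.0

def audit(root):
    """List (location, version, needs_upgrade) for every struts2-core jar
    under root, including jars packed inside WAR/EAR archives."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        candidates = [(rel, path.name)]
        if path.suffix.lower() in (".war", ".ear") and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as archive:
                candidates += [(f"{rel}!/{n}", n) for n in archive.namelist()]
        for location, name in candidates:
            version = jar_version(name)
            if version is not None:
                label = ".".join(map(str, version))
                findings.append((location, label, version < MIN_FIXED))
    return findings

def build_sample(root):
    """Constructed sample tree: empty placeholder jars, no real Struts code."""
    root = Path(root)
    (root / "lib").mkdir()
    (root / "lib" / "struts2-core-6.1.1.jar").write_bytes(b"")
    with zipfile.ZipFile(root / "shop.war", "w") as war:
        war.writestr("WEB-INF/lib/struts2-core-6.1.0.jar", b"")
        war.writestr("WEB-INF/lib/commons-io-2.11.0.jar", b"")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for location, version, needs_upgrade in audit(tmp):
            print("UPGRADE" if needs_upgrade else "ok     ", version, location)
```

Jars nested more than one archive level deep (a jar inside a jar inside a WAR) and shaded or renamed copies are not detected by file name and need a separate check.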

References

https://cwiki.apache.org/confluence/display/WW/S2-069