Versions Compared

Old Version 6

changes.mady.by.user Lukasz Lenart

Saved on

compared with

New Version Current

changes.mady.by.user Lukasz Lenart

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Who should read this

All Struts 2 developers and users

Impact of vulnerability

Denial of service

Maximum security rating

Important

Recommendation

Upgrade to Struts 6.8.0 or 7.1.1 at least

Affected Software

  • Struts 2.0.0 through Struts 2.3.37 (EOL)
  • Struts 2.5.0 through Struts 2.5.33 (EOL)
  • Struts 6.0.0 through Struts 6.7.4
  • Struts 7.0.0 through Struts 7.0.3

Reporters

Nicolas Fournier

CVE Identifier

CVE-2025-64775

Problem

File If support for file upload is enabled, file leak in multipart request processing causes disk exhaustion.

...

Define a temporary folder used to store uploaded files with limited size or on the dedicated volume which won't affect system files. Or disable file upload support in the framework if not used.