VulnerableCode Package Details - pkg:maven/org.apache.struts/struts2-core@7.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-95ts-vpk6-uubg Aliases: CVE-2025-66675 GHSA-rg58-xhh7-mqjw	Apache Struts has a Denial of Service vulnerability Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.	7.1.1 Affected by 0 other vulnerabilities.
VCID-j8jv-hzsy-nyec Aliases: CVE-2025-64775 GHSA-xx7v-hqxh-cjr9	Apache Struts is Vulnerable to DoS via File Leak Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.	7.1.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-95ts-vpk6-uubg
Aliases:
CVE-2025-66675
GHSA-rg58-xhh7-mqjw

Apache Struts has a Denial of Service vulnerability Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

7.1.1
Affected by 0 other vulnerabilities.

VCID-j8jv-hzsy-nyec
Aliases:
CVE-2025-64775
GHSA-xx7v-hqxh-cjr9

Apache Struts is Vulnerable to DoS via File Leak Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

7.1.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-17T00:02:17.992842+00:00	GitLab Importer	Affected by	VCID-95ts-vpk6-uubg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-core/CVE-2025-66675.yml	38.4.0
2026-04-12T01:25:18.971462+00:00	GitLab Importer	Affected by	VCID-95ts-vpk6-uubg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-core/CVE-2025-66675.yml	38.3.0
2026-04-03T01:33:57.135859+00:00	GitLab Importer	Affected by	VCID-95ts-vpk6-uubg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-core/CVE-2025-66675.yml	38.1.0
2026-04-01T16:07:18.543317+00:00	GHSA Importer	Affected by	VCID-95ts-vpk6-uubg	https://github.com/advisories/GHSA-rg58-xhh7-mqjw	38.0.0
2026-04-01T16:07:13.056555+00:00	GHSA Importer	Affected by	VCID-j8jv-hzsy-nyec	https://github.com/advisories/GHSA-xx7v-hqxh-cjr9	38.0.0
2026-04-01T12:53:29.755092+00:00	GitLab Importer	Affected by	VCID-95ts-vpk6-uubg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-core/CVE-2025-66675.yml	38.0.0