CVE-2025-68493

CVE-2025-68493: Apache Struts: XXE vulnerability in outdated XWork component

Vendor: Apache Software Foundation
Product: Apache Struts
Weakness: CWE-611 · XXE
Published: January 11, 2026
Last update: March 11, 2026

What the vulnerability does

Description

Missing XML Validation vulnerability in Apache Struts. This issue affects Apache Struts from 2.0.0 before 2.2.1, and from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.

Key dates

Disclosure timeline

January 11, 2026: CVE published
March 11, 2026: Record updated