- Description: Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.
- Source: security@apache.org
- NVD status: Analyzed
- Products: struts
CVSS 3.1
- Type: Primary
- Base score: 8.1
- Impact score: 5.2
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
- Severity: HIGH
#VulnerabilityReport #ApacheStruts2 The XML Trap: Critical Struts 2 Flaw CVE-2025-68493 Exposes Data https://t.co/4loeHOuobR
@Komodosec
16 Feb 2026
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-68493 in XWork allows XML External Entity attacks, enabling file leaks, SSRF, or system crashes. Patch to 6.1.1. Read more: https://t.co/C534Aj1W2w
@probablypwned
20 Jan 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Apache Struts 2 vulnerability CVE-2025-68493 fixed: possible theft of confidential data https://t.co/nDVCQ8YFBe A serious vulnerability, CVE-2025-68493, has been discovered in Apache Struts 2, long a favorite for Java web application development. This issue's
@iototsecnews
19 Jan 2026
155 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Outdated Apache Struts 2 versions with CVE-2025-68493 flaw see 387K+ weekly downloads. Vulnerability allows crafted input to cause system crashes via unsafe XML parsing in XWork. #ApacheStruts #Vulnerability #USA https://t.co/r6PMDosvU4
@TweetThreatNews
18 Jan 2026
122 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Apache Struts 2 vulnerability allows data theft 🛡️ An XXE Injection vulnerability (CVE-2025-68493) has been detected in Apache Struts 2; it is exploited to steal sensitive data and put millions at risk. Urgent updating is necessary
@MisbarSec
15 Jan 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability in Apache products ❗ CVE-2025-68493 ➡️ More info: https://t.co/Oxt4Neh2JN https://t.co/VQXytruh8r
@CERTpy
14 Jan 2026
96 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Our team is researching a novel vulnerability analysis AI Agent🥳. This is (part of) its report on the 🚨CVE-2025-68493 Apache #Struts2 vulnerability🧐 https://t.co/XsR5C2wHO3
@Zeroverse_ai
14 Jan 2026
720 Impressions
5 Retweets
6 Likes
1 Bookmark
2 Replies
1 Quote
Our team is researching a novel vulnerability analysis AI Agent🥳. This is (part of) its report on the 🚨CVE-2025-68493 Apache Struts 2 vulnerability🧐 https://t.co/BWdfuKGKRO
@Zeroverse_ai
14 Jan 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Our team is researching a novel vulnerability analysis AI Agent🥳. This is (part of) its report on the 🚨CVE-2025-68493 Apache Struts 2 vulnerability🧐 https://t.co/u0wi95gufz
@Zeroverse_ai
14 Jan 2026
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Our team is researching a novel vulnerability analysis AI Agent🥳. This is (part of) its report on the 🚨CVE-2025-68493 Apache Struts 2 vulnerability🧐 https://t.co/ivG1CXEFox
@Zeroverse_ai
14 Jan 2026
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerability in Apache Struts 2 (CVE-2025-68493) https://t.co/0g2zDheNup #セキュリティ対策Lab #セキュリティ #Security
@securityLab_jp
14 Jan 2026
121 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Apache Struts 2 XXE Bug (CVE-2025-68493) Could Enable Data Theft and SSRF A high-severity XML External Entity (XXE) flaw in Apache Struts 2’s XWork component can be exploited with crafted XML to read local files/internal resources, trigger SSRF, and cause DoS. Upd
@ThreatSynop
14 Jan 2026
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL ALERT: Apache Struts2 XXE Exposed (CVE-2025-68493) https://t.co/55SFvMaWDb discovered a high severity XXE vulnerability in XWork-Core allows threat actors steal files & trigger SSRF. The flaw was hidden in DomHelper's unconfigured SAX parser. ⚡ Discovere
@zast_ai
13 Jan 2026
78 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Another major framework, another hidden vulnerability missed by pattern matching. We just uncovered and disclosed a High-Severity XXE in Apache Struts2 (CVE-2025-68493) with our AI agent - https://t.co/sNLNjScHo3. The flaw was buried deep in DomHelper's unconfigured SAX parser.
@Bb1pKJl11k
13 Jan 2026
228 Impressions
1 Retweet
2 Likes
0 Bookmarks
1 Reply
1 Quote
The XML Trap: Critical Struts 2 Flaw CVE-2025-68493 Exposes Data #DailyCyberSecurity (Jan 12) https://t.co/eg1ESyi3g1
@foxbook
12 Jan 2026
375 Impressions
1 Retweet
5 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 Critical Apache Struts 2 XXE Bug (CVE-2025-68493) Exposes Apps to Data Theft and SSRF A critical XXE injection flaw in Struts 2’s XWork XML configuration parsing affects Struts 2.0.0–2.3.37, 2.5.0–2.5.33, and 6.0.0–6.1.0, allowing attackers to read sensitive files an
@ThreatSynop
12 Jan 2026
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Apache Struts 2 Security Vulnerability: CVE-2025-68493. The XXE vulnerability can lead to sensitive data leakage and server takeover. Affected versions should be updated immediately. Urgent action is required. #SiberGuvenlik #Apache #CVE https://t.co/JPRzbDA5IM
@osmanmuratgul
12 Jan 2026
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-68493: Critical XXE flaw in Apache Struts 2 could expose millions of apps to data theft and server compromise. Admins and developers urged to apply fixes and mitigations. #Vulnerability https://t.co/QPlJZYZNXC
@threatcluster
12 Jan 2026
83 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🟠 CVE-2025-68493 - High Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommend... https://t.co/UhIdqGLkMC https://t.co/5fPoQkPSfj
@TheHackerWire
12 Jan 2026
106 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Apache Struts 2 XWork XXE Flaw (CVE-2025-68493) Exposes Data and Enables SSRF/DoS A newly disclosed XXE vulnerability in Apache Struts 2’s XWork XML configuration parsing allows attackers to abuse external entity processing to read sensitive files, trigger SSRF, o
@ThreatSynop
12 Jan 2026
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The XML Trap: Critical Struts 2 Flaw CVE-2025-68493 Exposes Data https://t.co/8tNfsNrmEZ
@CrowdCyber_Com
12 Jan 2026
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-68493: Critical Security Warning: Apache Struts 2 "XML Trap" 🔗FOFA Link: https://t.co/UxNi7CZ2jC 🎯2.4M+ Results are found on the https://t.co/pb16tGYaKe nearly year. FOFA Query: app="Struts2" 🔖Refer: https://t.co/dDtSVjvyYh #OSINT #FOFA #CyberSecuri
@fofabot
12 Jan 2026
5720 Impressions
32 Retweets
106 Likes
36 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2025-68493 (CVSS N/A): Apache Struts, Apache Struts: XXE vulnerability in outdated XWork component Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.
@zoomeye_team
12 Jan 2026
2407 Impressions
10 Retweets
34 Likes
11 Bookmarks
0 Replies
1 Quote
The XML Trap: Why CVE-2025-68493 is the Most Dangerous Struts Flaw of 2026 Read the full report on - https://t.co/JIWUGXN035 https://t.co/LSEuyAX9ao
@cyberbivash
12 Jan 2026
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-68493 hits Apache Struts via an XXE in older XWork. If you run Struts, upgrade now to 6.1.1 to close the door on crafted XML input. No doom and gloom—just patching keeps your web app safer. Details: https://t.co/3EAeiPpqyL
@StrongKeepCyber
12 Jan 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The XML Trap: Critical Struts 2 Flaw CVE-2025-68493 Exposes Data https://t.co/A8ViK2HgMR
@Karma_X_Inc
12 Jan 2026
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The XML Trap: CVE-2025-68493, a Critical Struts 2 Flaw Exposing Your Data #cybersecurity #vulnerability #cve #xxe https://t.co/gIgqvprvyy
@xplain_it_again
12 Jan 2026
96 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Alert: Apache Struts 2 XXE flaw (CVE-2025-68493) exposes apps to data theft & DoS. Upgrade to v6.1.1 or apply JVM workarounds immediately. #ApacheStruts #JavaSecurity #CVE202568493 #XXE #InfoSec #CyberSecurity #DevSecOps #TechAlert https://t.co/nA58HoBXXr
@the_yellow_fall
12 Jan 2026
488 Impressions
1 Retweet
3 Likes
4 Bookmarks
0 Replies
0 Quotes
An IT-related site article has been updated! Read the article here ⇒ Apache Struts XXE vulnerability (CVE-2025-68493) https://t.co/JHI3yZdtsz
@itit7777
11 Jan 2026
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The SIOS Security Blog has been updated. Apache Struts XXE vulnerability (CVE-2025-68493) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #apache #struts https://t.co/64vM0halF0
@omokazuki
11 Jan 2026
116 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
CVE-2025-68493: Apache Struts: XXE vulnerability in outdated XWork component https://t.co/gDcuBJnboD
@oss_security
11 Jan 2026
1076 Impressions
1 Retweet
11 Likes
3 Bookmarks
2 Replies
0 Quotes
CVE-2025-68493 Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.… https://t.co/xEA2fpr1Zh
@CVEnew
11 Jan 2026
359 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "AB32EC52-8599-4E6C-9F87-D2BC050A2531",
            "versionEndIncluding": "2.3.37",
            "versionStartIncluding": "2.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "52DA80BB-35F0-4290-902F-66D27FB9A98F",
            "versionEndIncluding": "2.5.33",
            "versionStartIncluding": "2.5.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F0B07FCF-E80A-4D94-BCA5-FE3C4249B854",
            "versionEndExcluding": "6.1.1",
            "versionStartIncluding": "6.0.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]