AI description
CVE-2025-68493 is an XML External Entity (XXE) injection vulnerability found in the XWork component of Apache Struts 2. This flaw arises from the improper validation of XML configurations during parsing within the XWork component, which is the command-pattern framework powering Struts. The lack of proper XML validation allows attackers to inject malicious external entities into XML files. When an application processes a specially crafted XML file, it can be tricked into fetching external resources. This vulnerability could potentially lead to the disclosure of data, denial-of-service attacks, or server-side request forgery. The issue affects various versions of Apache Struts, including Struts 2.0.0 through 2.3.37 (EOL), Struts 2.5.0 through 2.5.33 (EOL), and Struts 6.0.0 through 6.1.0. Users are advised to upgrade to Struts 6.1.1 or later to address this security gap.
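The description above attributes the flaw to XML configuration parsing that resolves external entities. The following Java example is added here and is not code from Struts or from XWork's DomHelper; it shows the defensive counterpart: a SAXParserFactory configured with the standard JDK/Xerces features that disallow DOCTYPE declarations and external entity resolution, run over a constructed document that carries a DOCTYPE with an external entity (placeholder URI) and over a clean document. The class, method names and both sample documents are the example's own.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

public class HardenedXmlParsing {

    // Constructed sample: a configuration-style document whose DOCTYPE declares an
    // external entity. The SYSTEM URI is a placeholder, not a real resource.
    static final String CONSTRUCTED_XXE_SAMPLE =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE config [\n" +
        "  <!ENTITY ext SYSTEM \"placeholder://not-a-real-resource\">\n" +
        "]>\n" +
        "<config><value>&ext;</value></config>";

    // Constructed sample: the same document shape with no DOCTYPE at all.
    static final String CONSTRUCTED_CLEAN_SAMPLE =
        "<?xml version=\"1.0\"?><config><value>ok</value></config>";

    /** Build a SAXParserFactory that refuses DOCTYPE declarations and external entities. */
    static SAXParserFactory hardenedFactory() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Rejecting DOCTYPE outright blocks external entities and entity-expansion DoS alike.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Belt and braces: even if a DOCTYPE were ever allowed, never resolve external
        // general or parameter entities and never fetch an external DTD.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        return f;
    }

    /** Returns true if the document parsed, false if the hardened parser rejected it. */
    static boolean parses(String xml) throws Exception {
        SAXParser parser = hardenedFactory().newSAXParser();
        try {
            parser.parse(new InputSource(new StringReader(xml)), new DefaultHandler());
            return true;
        } catch (SAXException e) {
            // A DOCTYPE in the input trips disallow-doctype-decl before any entity is fetched.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("clean sample parsed: " + parses(CONSTRUCTED_CLEAN_SAMPLE));
        System.out.println("XXE sample parsed:   " + parses(CONSTRUCTED_XXE_SAMPLE));
    }
}
```

Compile and run with javac and java. The DOCTYPE-bearing sample is rejected with a SAXParseException raised by the disallow-doctype-decl feature before any entity is resolved, while the clean document parses normally. Where an application genuinely has to accept DOCTYPEs, the three external-entity and external-DTD features still prevent resolution; the same feature URIs apply to DocumentBuilderFactory when parsing into a DOM instead of through SAX.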
- Description
- Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.
- Source
- security@apache.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
- Severity
- HIGH
- security@apache.org
- CWE-112
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
- 15
🚨 CRITICAL ALERT: Apache Struts2 XXE Exposed (CVE-2025-68493) https://t.co/55SFvMaWDb discovered a high severity XXE vulnerability in XWork-Core allows threat actors steal files & trigger SSRF. The flaw was hidden in DomHelper's unconfigured SAX parser. ⚡ Discovere
@zast_ai
13 Jan 2026
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Another major framework, another hidden vulnerability missed by pattern matching. We just uncovered and disclosed a High-Severity XXE in Apache Struts2 (CVE-2025-68493) with our AI agent - https://t.co/sNLNjScHo3. The flaw was buried deep in DomHelper's unconfigured SAX parser.
@Bb1pKJl11k
13 Jan 2026
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The XML Trap: Critical Struts 2 Flaw CVE-2025-68493 Exposes Data #DailyCyberSecurity (Jan 12) https://t.co/eg1ESyi3g1
@foxbook
12 Jan 2026
373 Impressions
1 Retweet
5 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 Critical Apache Struts 2 XXE Bug (CVE-2025-68493) Exposes Apps to Data Theft and SSRF A critical XXE injection flaw in Struts 2’s XWork XML configuration parsing affects Struts 2.0.0–2.3.37, 2.5.0–2.5.33, and 6.0.0–6.1.0, allowing attackers to read sensitive files an
@ThreatSynop
12 Jan 2026
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Apache Struts 2 vulnerability: CVE-2025-68493. The XXE vulnerability can lead to sensitive data leakage and server takeover. Affected versions must be updated immediately. Urgent action is required. #SiberGuvenlik #Apache #CVE https://t.co/JPRzbDA5IM
@osmanmuratgul
12 Jan 2026
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-68493: Critical XXE flaw in Apache Struts 2 could expose millions of apps to data theft and server compromise. Admins and developers urged to apply fixes and mitigations. #Vulnerability https://t.co/QPlJZYZNXC
@threatcluster
12 Jan 2026
83 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🟠 CVE-2025-68493 - High Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommend... https://t.co/UhIdqGLkMC https://t.co/5fPoQkPSfj
@TheHackerWire
12 Jan 2026
106 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Apache Struts 2 XWork XXE Flaw (CVE-2025-68493) Exposes Data and Enables SSRF/DoS A newly disclosed XXE vulnerability in Apache Struts 2’s XWork XML configuration parsing allows attackers to abuse external entity processing to read sensitive files, trigger SSRF, o
@ThreatSynop
12 Jan 2026
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The XML Trap: Critical Struts 2 Flaw CVE-2025-68493 Exposes Data https://t.co/8tNfsNrmEZ
@CrowdCyber_Com
12 Jan 2026
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-68493: Critical Security Warning: Apache Struts 2 "XML Trap" 🔗FOFA Link: https://t.co/UxNi7CZ2jC 🎯2.4M+ Results are found on the https://t.co/pb16tGYaKe nearly year. FOFA Query: app="Struts2" 🔖Refer: https://t.co/dDtSVjvyYh #OSINT #FOFA #CyberSecuri
@fofabot
12 Jan 2026
5720 Impressions
32 Retweets
106 Likes
36 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2025-68493 (CVSS N/A): Apache Struts, Apache Struts: XXE vulnerability in outdated XWork component Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.
@zoomeye_team
12 Jan 2026
2407 Impressions
10 Retweets
34 Likes
11 Bookmarks
0 Replies
1 Quote
The XML Trap: Why CVE-2025-68493 is the Most Dangerous Struts Flaw of 2026 Read the full report on - https://t.co/JIWUGXN035 https://t.co/LSEuyAX9ao
@Iambivash007
12 Jan 2026
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-68493 hits Apache Struts via an XXE in older XWork. If you run Struts, upgrade now to 6.1.1 to close the door on crafted XML input. No doom and gloom—just patching keeps your web app safer. Details: https://t.co/3EAeiPpqyL
@StrongKeepCyber
12 Jan 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The XML Trap: Critical Struts 2 Flaw CVE-2025-68493 Exposes Data https://t.co/A8ViK2HgMR
@Karma_X_Inc
12 Jan 2026
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The XML Trap: CVE-2025-68493, a Critical Struts 2 Flaw Exposing Your Data #cybersecurity #vulnerability #cve #xxe https://t.co/gIgqvprvyy
@xplain_it_again
12 Jan 2026
96 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Alert: Apache Struts 2 XXE flaw (CVE-2025-68493) exposes apps to data theft & DoS. Upgrade to v6.1.1 or apply JVM workarounds immediately. #ApacheStruts #JavaSecurity #CVE202568493 #XXE #InfoSec #CyberSecurity #DevSecOps #TechAlert https://t.co/nA58HoBXXr
@the_yellow_fall
12 Jan 2026
488 Impressions
1 Retweet
3 Likes
4 Bookmarks
0 Replies
0 Quotes
An IT-related site article has been updated! Read the article here ⇒ Apache Struts XXE vulnerability (CVE-2025-68493) https://t.co/JHI3yZdtsz
@itit7777
11 Jan 2026
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The SIOS security blog has been updated. Apache Struts XXE vulnerability (CVE-2025-68493) #sios_tech #security #vulnerability #セキュリティ #脆弱性 #apache #struts https://t.co/64vM0halF0
@omokazuki
11 Jan 2026
116 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
CVE-2025-68493: Apache Struts: XXE vulnerability in outdated XWork component https://t.co/gDcuBJnboD
@oss_security
11 Jan 2026
1076 Impressions
1 Retweet
11 Likes
3 Bookmarks
2 Replies
0 Quotes
CVE-2025-68493 Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.… https://t.co/xEA2fpr1Zh
@CVEnew
11 Jan 2026
359 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes