7.5

CVE-2025-64775

EPSS 0.17%
Veröffentlicht 01.12.2025 16:07:36
Zuletzt bearbeitet 26.01.2026 11:30:04
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS)

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.

This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3.

Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Struts Version >= 2.0.0 < 6.8.0

Apache ≫ Struts Version >= 7.0.0 < 7.1.1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.379

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-459 Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

https://cwiki.apache.org/confluence/display/WW/S2-068

Vendor Advisory

http://www.openwall.com/lists/oss-security/2025/12/01/2

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2025-64775

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-64775

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-64775

EUVD