CVE-2025-68493 · HIGH 8.1 · EPSS p97.4%

Description

Missing XML Validation vulnerability in Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
EPSS: 22.48% probability of exploitation · percentile 97.4% · 2026-06-18T12:00:27Z
Published: 2026-01-11
Last modified: 2026-03-11

Underlying weaknesses · 1

CWE-611

References

  1. https://cwiki.apache.org/confluence/display/WW/S2-069
  2. http://www.openwall.com/lists/oss-security/2026/01/11/2

Type | Target | Confidence | Tier
Weakness | Improper Restriction of XML External Entity Reference (cwe-611) | 0% | live

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.