{"id":9150,"date":"2025-12-12T10:04:09","date_gmt":"2025-12-12T10:04:09","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/12\/12\/apache-struts-2-dos-vulnerability-let-attackers-crash-server\/"},"modified":"2025-12-12T10:04:09","modified_gmt":"2025-12-12T10:04:09","slug":"apache-struts-2-dos-vulnerability-let-attackers-crash-server","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/12\/12\/apache-struts-2-dos-vulnerability-let-attackers-crash-server\/","title":{"rendered":"Apache Struts 2 DoS Vulnerability Let Attackers Crash Server"},"content":{"rendered":"

Apache Struts 2 DoS Vulnerability Let Attackers Crash Server
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

A critical denial-of-service vulnerability has been discovered in Apache Struts 2, affecting multiple versions of the popular web application framework.<\/p>\n

The vulnerability, identified as CVE-2025-64775, exploits a file leak in multipart request processing that can cause disk exhaustion<\/a> and server crashes.<\/p>\n

Organizations running affected versions should prioritize patching immediately to prevent potential service disruptions. The flaw exists in Apache Struts 2\u2019s file upload functionality when enabled.<\/p>\n

\n\n\n\n\n\n\n\n\n\n
Attribute<\/strong><\/th>\nDetails<\/strong><\/th>\n<\/tr>\n<\/thead>\n
CVE ID<\/strong><\/td>\nCVE-2025-64775<\/td>\n<\/tr>\n
Impact<\/strong><\/td>\nDenial-of-Service<\/a><\/td>\n<\/tr>\n
Severity<\/strong><\/td>\nImportant<\/td>\n<\/tr>\n
Fixed Versions<\/strong><\/td>\nStruts 6.8.0+, Struts 7.1.1+<\/td>\n<\/tr>\n
Patch Status<\/strong><\/td>\nBackward Compatible<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

A file leak<\/a> in multipart request processing causes disk exhaustion by allowing attackers to fill storage capacity without proper cleanup or resource management.<\/p>\n

This results in a complete denial of service as the server becomes unable to process legitimate requests when disk space is exhausted.<\/p>\n

Security researcher Nicolas Fournier discovered<\/a> the vulnerability. This advisory is critical for all Apache Struts 2 developers, system administrators, and organizations deploying Struts-based applications.<\/p>\n

Any organization with file upload capabilities enabled should immediately assess its environment and apply necessary patches.<\/p>\n

Multiple versions across four major release lines are impacted.<\/p>\n

\n\n\n\n\n\n\n\n\n\n
Versions<\/th>\nStatus<\/th>\nRecommendation<\/th>\n<\/tr>\n<\/thead>\n
Struts 2.0.0 \u2013 2.3.37<\/strong><\/td>\nEOL & Vulnerable<\/td>\nUpgrade immediately<\/td>\n<\/tr>\n
Struts 2.5.0 \u2013 2.5.33<\/strong><\/td>\nEOL & Vulnerable<\/td>\nUpgrade immediately<\/td>\n<\/tr>\n
Struts 6.0.0 \u2013 6.7.4<\/strong><\/td>\nVulnerable<\/td>\nUpdate required<\/td>\n<\/tr>\n
Struts 7.0.0 \u2013 7.0.3<\/strong><\/td>\nVulnerable<\/td>\nUpdate required<\/td>\n<\/tr>\n
6.8.0+ or 7.1.1+<\/strong><\/td>\nSafe<\/td>\nUse minimum recommended versions<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

Struts 2.0.0 through 2.3.37 are affected, though this version line reached end-of-life<\/a>. Struts 2.5.0 through 2.5.33 are also vulnerable but similarly reached end-of-life status.<\/p>\n

More critically, Struts 6.0.0 through 6.7.4 and Struts 7.0.0 through 7.0.3 remain actively maintained and require immediate updates. Organizations should upgrade to Struts 6.8.0 or Struts 7.1.1 at a minimum.<\/p>\n

The patches are backward compatible, ensuring smooth transitions without breaking existing functionality.<\/p>\n

Those unable to upgrade immediately can implement workarounds by configuring dedicated temporary folders with limited storage or by turning off file upload support if it is not required for operations.<\/p>\n

Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n

The post Apache Struts 2 DoS Vulnerability Let Attackers Crash Server<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n

\t

\n
<\/BR>
\n Abinaya
\n \t

\n
<\/BR>
\nGo to cyber-security-news<\/a>
\n \t

\n
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"

Apache Struts 2 DoS Vulnerability Let Attackers Crash Server A critical denial-of-service vulnerability has been discovered in Apache Struts 2, affecting multiple versions of the popular web application framework. The vulnerability, identified as CVE-2025-64775, exploits a file leak in multipart request processing that can cause disk exhaustion and server crashes. Organizations running affected versions should […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,131,648],"tags":[130],"class_list":["post-9150","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-vulnerability","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/9150"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=9150"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/9150\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=9150"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=9150"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=9150"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}