Apache Struts har 2.3.37/2.5.33/6.1.0 SAXParserFactory XML External Entity

CVSS Meta Temp ScoreGarga na exploit ndiyam (≈)CTI Nganji Score
7.0$0-$5k0.00

Gundumabayani

Wuro vulnerability wey an yi classify sey karshewa an gano shi a cikin Apache Struts har 2.3.37/2.5.33/6.1.0. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, $software_file na cikin fayil, SAXParserFactory na cikin sashi. Ngam manipulation shi XML External Entity. Wannan rauni ana sayar da shi da suna CVE-2025-68493. Ngam yiɗi ka a tuma ndiyam ka nder internet. Ba exploit ɗin da ake da shi. Ngamdi ka a yiɗi a ɗaɓɓita kompona wey ka a hokkata. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Furɗebayani

Wuro vulnerability wey an yi classify sey karshewa an gano shi a cikin Apache Struts har 2.3.37/2.5.33/6.1.0. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, $software_file na cikin fayil, SAXParserFactory na cikin sashi. Ngam manipulation shi XML External Entity. CWE shidin ka a yi bayani matsala sai ya kai CWE-611. Gaskiya, laifi an fitar da shi a matsayin S2-069. Advisory ɗin ana rabawa don saukewa a cwiki.apache.org.

Wannan rauni ana sayar da shi da suna CVE-2025-68493. CVE assignement 12/19/2025 gangan shikena. Ngam yiɗi ka a tuma ndiyam ka nder internet. Tekinikal bayani ba ga. Wannan vulnerability ɗin ba shi da yawa sosai. Ba exploit ɗin da ake da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam.

Á wúro a wondi feere.

Ngamdi ka a yiɗi a ɗaɓɓita kompona wey ka a hokkata.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Gashuwa

  • Apache Struts

Kayanbayani

Nganji

Ngilabe

Sunu

Furɗe

Laisens

Webseite

CPE 2.3bayani

CPE 2.2bayani

CVSSv4bayani

VulDB Furɗo: 🔒
VulDB Gaskiya: 🔍

CVSSv3bayani

VulDB Meta Base Score: 7.2
VulDB Meta Temp Score: 7.0

VulDB Ganda Borno: 6.3
VulDB Temp Score: 6.0
VulDB Furɗo: 🔒
VulDB Gaskiya: 🔍

NVD Ganda Borno: 8.1
NVD Furɗo: 🔒

CVSSv2bayani

AVACAuCIA
💳💳💳💳💳💳
💳💳💳💳💳💳
💳💳💳💳💳💳
VektarKumpleksitiAuthentisierungKariyandiGaskiyaGashina
furufurufurufurufurufuru
furufurufurufurufurufuru
furufurufurufurufurufuru

VulDB Ganda Borno: 🔒
VulDB Temp Score: 🔒
VulDB Gaskiya: 🔍

Gargajiyabayani

Klasu: XML External Entity
CWE: CWE-611 / CWE-610
CAPEC: 🔒
ATT&CK: 🔒

Fizikal: Ayi
Gumti: Ayi
Gana: Ee

Gashina: 🔒
Halitta: A wondi feere

EPSS Score: 🔒
EPSS Percentile: 🔒

Furɗo farashi: 🔍
Gaskiya farashi ndiyam: 🔒

0-Dayfurufurufurufuru
Lalefurufurufurufuru

Bayani na barazanabayani

Ngam: 🔍
Akteɓe ɓernde: 🔍
Kura APT goruwa masu aiki: 🔍

Kari gamjibayani

Garga: Gargajiya
Halitta: 🔍

0-Day Gana: 🔒

Gargajiya: Struts 6.1.1

Waktin layibayani

12/19/2025 CVE anin ga
01/11/2026 +23 Hənde Advisory ganna fa.
01/11/2026 +0 Hənde VulDB gite be nayi
01/16/2026 +5 Hənde VulDB gite wuro karshe ta gyara

Ngizimbayani

Ngilabe: apache.org

Gargaaji: S2-069
Halitta: Gaskiya

CVE: CVE-2025-68493 (🔒)
GCVE (CVE): GCVE-0-2025-68493
GCVE (VulDB): GCVE-100-340448
EUVD: 🔒
CERT Bund: WID-SEC-2026-0064 - Apache Struts (XWork): Schwachstelle ermöglicht Manipulation von Dateien

Gumtibayani

Súgá: 01/11/2026 21:22
Gargadi: 01/16/2026 16:45
Goyarwa: 01/11/2026 21:22 (57), 01/12/2026 03:54 (1), 01/12/2026 12:32 (7), 01/16/2026 16:45 (11)
Gadankam: 🔍
Cache ID: 253:1F9:103

Ganaaji

A ga wuroyo kulu. Kàlàmbe: kr + en.

Ngam loga ka, kanyi shidin dum.

GurɗoGumtiGada

Do you know our Splunk app?

Download it now for free!