Bug 2428559 (CVE-2025-68493)
| Summary: | CVE-2025-68493 org.apache.struts: Apache Struts: Information disclosure and denial of service via missing XML validation | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | aschwart, asoldano, ataylor, bbaranow, bmaxwell, boliveir, brian.stansberry, ccranfor, chfoley, csutherl, darran.lofthouse, dbruscin, dhanak, dosoudil, drosa, dsoumis, fjuma, fmariani, gmalinko, ibek, istudens, ivassile, iweiss, janstey, jclere, jpechane, jrokos, jscholz, kvanderr, kverlaen, mnovotny, mosmerov, mposolda, msvehla, nwallace, pberan, pbizzarr, pdelbell, pesilva, pjindal, plodge, pmackay, rmartinc, rmaucher, rstancel, rstepani, sausingh, smaestri, ssilvert, sthorger, swoodman, szappis, tcunning, tom.jenkinson, vmuzikar, yfang |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: | An XML processing flaw has been found in Apache Struts. The XWork component does not properly validate XML when parsing XML configuration, which makes it vulnerable to XML external entity (XXE) injection. | Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2428721, 2428722 | ||
| Bug Blocks: | |||
Description
OSIDB Bzimport
2026-01-11 14:01:17 UTC