1月14日，国家漏洞库CNNVD发布关于Apache Struts安全漏洞的通报。Apache Struts框架曝出安全漏洞（CNNVD-202601-1787，CVE-2025-68493），其XWork组件在解析XML配置文件时未对输入进行充分安全校验，攻击者可通过提交恶意XML文档，诱使服务器在解析过程中加载文件触发漏洞，导致敏感信息泄露或拒绝服务。

Apache administrators are urged to immediately upgrade the Struts 2 web application framework to address a remote code execution flaw under public attack. Public attacks and scans looking for exposed ...

Apache has patched a critical remote code-execution vulnerability in Struts 2, and users should update immediately. A critical remote code-execution vulnerability in Apache Struts 2, the popular ...

The Apache Software Foundation has patched a critical security vulnerability which affects all versions of Apache Struts 2. Uncovered by researchers from cybersecurity firm Semmle, the security flaw ...

A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices. Hackers are attempting to ...

The Apache Software Foundation has released Struts 2.3.15.1, a security update for its popular Java Web application development framework that addresses two vulnerabilities, including a critical one ...

Cisco's Talos security team announced it discovered attacks against a zero-day vulnerability in Apache Struts, which Apache patched on Monday. According to its website, "Apache Struts is a free, ...

A new version of the Apache Struts development framework released Friday fixes two problems that had developers worried. Apache Struts is a popular open-source framework for developing Java-based Web ...

The Apache Software Foundation has released Struts 2.3.15.1, a security update for its popular Java Web application development framework that addresses two vulnerabilities, including a critical one ...

Apache has warned customers of a critical remote code execution (RCE) vulnerability in its popular Struts 2 framework. Apache Struts 2 is an open-source web application framework for developing Java ...