Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.
This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3.
Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.
{
"cna_assigner": "apache",
"cwe_ids": [
"CWE-459"
],
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "2.0.0"
},
{
"last_affected": "6.7.0"
},
{
"introduced": "7.0.0"
},
{
"last_affected": "7.0.3"
}
],
"source": "AFFECTED_FIELD"
},
{
"extracted_events": [
{
"introduced": "2.0.0"
},
{
"fixed": "6.7.0"
},
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.3"
}
],
"source": "DESCRIPTION"
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64775.json"
}