CVE-2025-64775

Source
https://cve.org/CVERecord?id=CVE-2025-64775
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64775.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-64775
Aliases
Published
2025-12-01T16:07:36.573Z
Modified
2026-07-08T07:09:41.420710283Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS)
Details

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.

This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3.

Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

Database specific
{
    "cna_assigner": "apache",
    "cwe_ids": [
        "CWE-459"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "2.0.0"
                },
                {
                    "last_affected": "6.7.0"
                },
                {
                    "introduced": "7.0.0"
                },
                {
                    "last_affected": "7.0.3"
                }
            ],
            "source": "AFFECTED_FIELD"
        },
        {
            "extracted_events": [
                {
                    "introduced": "2.0.0"
                },
                {
                    "fixed": "6.7.0"
                },
                {
                    "introduced": "7.0.0"
                },
                {
                    "fixed": "7.0.3"
                }
            ],
            "source": "DESCRIPTION"
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64775.json"
}
References

Affected packages

Git / github.com/apache/struts

Affected ranges

Type
GIT
Repo
https://github.com/apache/struts
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "6.8.0"
        },
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.1.1"
        }
    ],
    "cpe": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Affected versions

Other
STRUTS_7_0_0
STRUTS_7_0_1
STRUTS_7_0_2
STRUTS_7_0_3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64775.json"