Known vulnerabilities in Apache Foundation Apache Struts 2.5.25

Known vulnerabilities in Apache Foundation Apache Struts 2.5.25

Vendor: Apache Foundation

Website: https://www.apache.org

Total Security Bulletins: 11

Security bulletins (11)

Secuity bulletin	Severity	Status	Published
SB2026011214: XXE in Apache Struts	Medium	Patched	12.01.2026
SB2025120157: Denial of service in Apache Struts	Medium	Patched	01.12.2025
SB2024121136: Remote code execution in Apache Struts	High	Patched Public exploit	11.12.2024
SB2023120703: Remote code execution via file upload in Apache Struts	Critical	Patched Exploited	07.12.2023
SB2023091364: Denial of service in Apache Struts	Medium	Patched	13.09.2023
SB2023061351: Multiple DoS vulnerabilities in Apache Struts	Medium	Patched	13.06.2023
SB2022041218: Remote code execution in Apache Struts	High	Patched Public exploit	12.04.2022
SB2022010604: Apache Struts update for Log4j library	Medium	Patched	06.01.2022
SB2022010603: Denial of service in Apache Struts Log4j library	Medium	Patched	06.01.2022
SB2022010602: Remote code execution in Apache Struts (Apache Log4j component)	High	Patched Exploited	06.01.2022
SB2020120801: Remote code execution in Apache Struts	High	Patched Exploited	08.12.2020