=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN020
_____________________________________________________________________

DATE                : 12/01/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Struts versions prior to
                              25.10.2, 24.10.3, 24.04.3.

=====================================================================
https://lists.apache.org/thread/o5hjc4r8nq0zfnpz7jl7kjsmn1cy1zd6
_____________________________________________________________________

S2-069: CVE-2025-68493: Apache Struts, Apache Struts: XXE
vulnerability in outdated XWork component

Severity: important 

Affected versions:

- Apache Struts (com.opensymphony:xwork) 2.0.0 before 2.2.1
- Apache Struts (org.apache.struts.xwork:xwork-core) 2.2.1 through
6.1.0

Description:

Missing XML Validation vulnerability in Apache Struts, Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache
Struts: from 2.2.1 through 6.1.0.

Users are recommended to upgrade to version 6.1.1, which fixes the
issue.

References:

https://cwiki.apache.org/confluence/display/WW/S2-069
https://struts.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-68493
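
To check a project against the affected version ranges listed above, a dependency listing can be matched against the two Maven coordinates. This is an added example, not part of the advisory or of Apache Struts; the function names, the `group:artifact:type:version:scope` input form and the sample lines are assumptions made for illustration.

```python
import re

# Affected ranges as listed in the advisory:
# (groupId, artifactId) -> (first affected, upper bound, upper bound inclusive?)
AFFECTED = {
    ("com.opensymphony", "xwork"): ("2.0.0", "2.2.1", False),
    ("org.apache.struts.xwork", "xwork-core"): ("2.2.1", "6.1.0", True),
}

def parse_version(text):
    """Leading numeric components padded to four places, or None.
    A qualifier such as -SNAPSHOT is ignored, so 6.1.0-SNAPSHOT counts as 6.1.0."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple((parts + [0, 0, 0, 0])[:4])

def status(group, artifact, version):
    """'affected', 'not affected', 'unknown' (unparseable version), or None
    when the coordinate is not one the advisory lists."""
    rng = AFFECTED.get((group, artifact))
    if rng is None:
        return None
    v = parse_version(version)
    if v is None:
        return "unknown"  # e.g. an unresolved ${property}; needs manual review
    low, high, inclusive = parse_version(rng[0]), parse_version(rng[1]), rng[2]
    in_range = low <= v and (v <= high if inclusive else v < high)
    return "affected" if in_range else "not affected"

def scan(lines):
    """Return (coordinate, version, status) for each listed artifact found."""
    findings = []
    for line in lines:
        fields = line.replace("[INFO]", "").strip().split(":")
        if len(fields) not in (5, 6):  # 6 fields when a classifier is present
            continue
        group, artifact, version = fields[0], fields[1], fields[-2]
        result = status(group, artifact, version)
        if result is not None:
            findings.append((f"{group}:{artifact}", version, result))
    return findings

# Constructed sample input (not taken from any real project).
SAMPLE = [
    "[INFO]    com.opensymphony:xwork:jar:2.1.6:compile",
    "[INFO]    org.apache.struts.xwork:xwork-core:jar:2.3.37:compile",
    "[INFO]    org.apache.struts.xwork:xwork-core:jar:6.1.1:compile",
    "[INFO]    com.opensymphony:xwork:jar:2.2.1:compile",
    "[INFO]    org.apache.commons:commons-lang3:jar:3.12.0:compile",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding)
```

The check only sees artifacts declared under these two coordinates; copies of the component repackaged inside other jars need a separate inventory.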



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




