Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2025-68493

CVE-2025-68493: Apache Struts XXE Vulnerability

CVE-2025-68493 is an XML External Entity vulnerability in Apache Struts caused by missing XML validation. It affects versions 2.0.0 through 6.1.0. This article covers technical details, affected versions, and mitigation.

Updated:

CVE-2025-68493 Overview

CVE-2025-68493 is a Missing XML Validation vulnerability affecting Apache Struts, a popular open-source web application framework for developing Java EE web applications. The vulnerability stems from improper validation of XML input, which could allow attackers to craft malicious XML documents that bypass security controls and potentially lead to information disclosure or denial of service conditions.

Critical Impact

This vulnerability affects a wide range of Apache Struts versions spanning over a decade of releases, from version 2.0.0 through 6.1.0, potentially exposing numerous enterprise applications to XML-based attacks.

Affected Products

  • Apache Struts versions from 2.0.0 before 2.2.1
  • Apache Struts versions from 2.2.1 through 6.1.0
  • Applications built on vulnerable Apache Struts framework versions

Discovery Timeline

  • 2026-01-11 - CVE-2025-68493 published to NVD
  • 2026-01-13 - Last updated in NVD database

Technical Details for CVE-2025-68493

Vulnerability Analysis

The vulnerability is classified under CWE-112 (Missing XML Validation), which indicates that the affected Apache Struts versions fail to properly validate XML input before processing. When XML documents are accepted without adequate schema validation, attackers can inject malformed or malicious XML structures that the application processes as legitimate input.

This type of vulnerability enables network-based attacks that require some user interaction to exploit. Successful exploitation could result in unauthorized access to sensitive data and system availability disruption. The attack complexity is low, meaning no specialized conditions or prerequisites are needed beyond reaching the vulnerable endpoint.

Root Cause

The root cause lies in Apache Struts' XML processing components that do not enforce strict XML schema validation. Without proper validation against a defined XML schema (XSD), the framework accepts XML documents that may contain unexpected elements, attributes, or structures. This permissive parsing behavior violates the principle of input validation and allows attackers to manipulate XML data in ways not anticipated by application developers.

Attack Vector

The vulnerability is exploitable over the network, requiring an attacker to send specially crafted XML payloads to an application running on a vulnerable Apache Struts version. The attack vector involves:

  1. Identifying an endpoint that accepts XML input in a Struts-based application
  2. Crafting a malicious XML document that exploits the missing validation
  3. Submitting the payload to the vulnerable endpoint
  4. The application processes the malformed XML without proper validation, potentially leading to information disclosure or denial of service

The attack requires user interaction, suggesting that social engineering or convincing a user to trigger a specific action may be necessary for successful exploitation. Technical details regarding specific exploitation techniques can be found in the Apache Security Advisory S2-069.

Detection Methods for CVE-2025-68493

Indicators of Compromise

  • Unusual XML payloads in application logs containing malformed or unexpected XML structures
  • Error messages related to XML parsing failures or schema validation issues
  • Unexpected application behavior when processing XML-based requests
  • Increased resource consumption during XML processing operations

Detection Strategies

  • Implement web application firewall (WAF) rules to inspect and validate XML payloads against expected schemas
  • Enable detailed logging for XML processing operations to capture potential exploitation attempts
  • Deploy intrusion detection systems (IDS) with signatures for known XML-based attack patterns
  • Monitor application logs for XML parsing exceptions and validation errors

Monitoring Recommendations

  • Review Apache Struts application logs for anomalous XML-related activities
  • Set up alerts for unusual patterns in XML request sizes or frequencies
  • Monitor system resource utilization for signs of XML-based denial of service attacks
  • Implement application performance monitoring to detect degradation from XML processing issues

How to Mitigate CVE-2025-68493

Immediate Actions Required

  • Upgrade Apache Struts to version 6.1.1 or later, which addresses this vulnerability
  • Audit applications to identify all instances of vulnerable Apache Struts versions
  • Implement input validation at the application layer as a defense-in-depth measure
  • Apply network-level controls to restrict access to vulnerable endpoints until patching is complete

Patch Information

Apache has released version 6.1.1 to address this vulnerability. Users are strongly recommended to upgrade to this version immediately. The security advisory S2-069 provides detailed information about the fix and upgrade instructions. Additional discussion is available on the Openwall OSS-Security Mailing List.

Workarounds

  • Implement custom XML validation filters at the application level to validate all XML input against strict schemas
  • Deploy WAF rules to reject XML requests that do not conform to expected document structures
  • Restrict network access to XML-processing endpoints to trusted sources only
  • Consider disabling or removing XML-based functionality if not essential to application operations
bash
# Example: Update Apache Struts dependency in Maven pom.xml
# Upgrade struts-core dependency to patched version
# <dependency>
#   <groupId>org.apache.struts</groupId>
#   <artifactId>struts2-core</artifactId>
#   <version>6.1.1</version>
# </dependency>

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne