CVE-2025-66675
📋 TL;DR
This CVE describes a denial-of-service vulnerability in Apache Struts: specially crafted multipart (file upload) requests leave temporary files behind that are never cleaned up, so repeated requests exhaust disk space and take the service down. No credentials are needed to send the requests, and every deployment running an affected version is exposed.
💻 Affected Systems
- Apache Struts
📦 What is this software?
Struts by Apache
⚠️ Risk & Real-World Impact
Worst Case
Complete service outage due to disk exhaustion, requiring manual cleanup and service restoration, potentially leading to extended downtime.
Likely Case
Service degradation or temporary unavailability as disk space fills, requiring administrator intervention to clear temporary files and restart services.
If Mitigated
Minimal impact with proper monitoring and disk space alerts allowing proactive cleanup before service disruption.
🎯 Exploit Status
Exploitation requires sending specially crafted multipart requests. No authentication is required to trigger the vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.8.0 (for the 6.x line) or 7.1.1 (for the 7.x line)
Vendor Advisory: https://cwiki.apache.org/confluence/display/WW/S2-068
Restart Required: Yes
Instructions:
1. Download Apache Struts 6.8.0 (6.x line) or 7.1.1 (7.x line) from the official Apache website, or bump the struts2-core dependency in Maven/Gradle.
2. Back up the current Struts installation and configuration.
3. Replace the Struts JAR files with the patched versions.
4. Restart the application server.
5. Test application functionality, including any file-upload actions.
🔧 Temporary Workarounds
Limit multipart request size
Cap the maximum size of a multipart request to bound how much disk a single request can consume (set in struts.properties, or as a constant in struts.xml). This limits the damage per request but does not stop leaked files from accumulating across many requests, so pair it with disk monitoring.
struts.multipart.maxSize=10485760
Disable multipart processing if unused
If the application has no file-upload actions, stop multipart/form-data requests before they reach Struts. The struts.multipart.* properties tune the multipart parser rather than switch it off, so rejecting multipart/form-data at the reverse proxy or in a servlet filter ahead of the Struts filter is the reliable way to take this code path out of reach.
🧯 If You Can't Patch
- Reject multipart/form-data requests at the edge for endpoints that do not accept uploads, and rate-limit the ones that do
- Monitor disk usage and set up alerts for rapid disk space consumption
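A monitoring pass for the two bullets above, as an added example that is not part of this advisory or of the Struts project: it looks for leaked temporary upload files in the directory Struts writes multipart uploads to (struts.multipart.saveDir, or the servlet container's temp directory when unset) and estimates how soon the filesystem fills at the observed growth rate. The 10-minute stale threshold, the one-hour alert horizon, and the assumption that any file outliving a request in that directory is a leaked upload are this example's choices, not values from the advisory.

```python
import shutil
import sys
import time
from pathlib import Path


def scan_save_dir(path):
    """Collect (name, mtime, size) for regular files directly under the directory
    configured as struts.multipart.saveDir (the container temp dir when unset)."""
    entries = []
    for p in Path(path).iterdir():
        if p.is_file():
            st = p.stat()
            entries.append((p.name, st.st_mtime, st.st_size))
    return entries


def find_stale(entries, now, max_age_seconds=600):
    """Return (stale_entries, stale_bytes) for files older than max_age_seconds.
    Assumption used here: a normally handled upload is removed when its request
    completes, so a file that outlives any plausible request is a leaked temp file."""
    stale = [e for e in entries if now - e[1] > max_age_seconds]
    return stale, sum(e[2] for e in stale)


def growth_rate(samples):
    """samples: [(epoch_seconds, bytes_used), ...] taken periodically by an agent.
    Returns disk growth in bytes per second between the first and last sample."""
    if len(samples) < 2:
        return 0.0
    (t0, u0), (t1, u1) = samples[0], samples[-1]
    return (u1 - u0) / (t1 - t0) if t1 > t0 else 0.0


def seconds_until_full(free_bytes, rate):
    """Time left before the filesystem fills at the observed rate (inf when not growing)."""
    return float("inf") if rate <= 0 else free_bytes / rate


def assess(save_dir, samples, max_age_seconds=600, alert_seconds=3600):
    """One monitoring pass over the save directory plus the usage samples.
    'alert' is True when leaked files exist or the disk fills within alert_seconds."""
    stale, stale_bytes = find_stale(scan_save_dir(save_dir), time.time(), max_age_seconds)
    usage = shutil.disk_usage(save_dir)
    rate = growth_rate(samples)
    eta = seconds_until_full(usage.free, rate)
    return {
        "stale_files": len(stale),
        "stale_bytes": stale_bytes,
        "free_bytes": usage.free,
        "growth_bytes_per_s": rate,
        "seconds_until_full": eta,
        "alert": bool(stale) or eta < alert_seconds,
    }


if __name__ == "__main__":
    # usage: python struts_tmp_watch.py /path/to/saveDir
    # A single run has only one usage sample; a cron job or agent would persist
    # earlier samples so that growth_rate has something to compare against.
    save_dir = sys.argv[1]
    print(assess(save_dir, [(time.time(), shutil.disk_usage(save_dir).used)]))
```

Run it from cron against the save directory and feed the stored usage samples in; a non-empty stale count is the direct sign of the leak this CVE describes, while the fill estimate gives the lead time the "If Mitigated" case depends on.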
🔍 How to Verify
Check if Vulnerable:
Any 6.x release before 6.8.0 and any 7.x release before 7.1.1 is unpatched. Also examine application logs for unusual multipart request patterns, and watch for rapid disk space consumption or a growing number of temporary upload files.
Check Version:
Check WEB-INF/lib directory for struts2-core-*.jar version or examine Maven/Gradle dependencies
Verify Fix Applied:
Confirm the deployed struts2-core version is 6.8.0 or later on the 6.x line, or 7.1.1 or later on the 7.x line (a 7.0.x release is newer than 6.8.0 but still unpatched). Then send controlled multipart requests to an upload action and confirm that temporary files are removed afterwards and disk usage does not grow.
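A version check for the steps above, added here as an example and not code from the advisory or the Struts project. It reads the version from struts2-core-*.jar names under WEB-INF/lib or from a pom.xml, and classifies it against the fix releases this page names (6.8.0 for 6.x, 7.1.1 for 7.x); anything older, including the 2.x line, is reported as unpatched because no fixed release is listed for it. The sample pom.xml is constructed.

```python
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Fix releases as stated on this page: 6.x is patched from 6.8.0, 7.x from 7.1.1.
FIXED = {6: (6, 8, 0), 7: (7, 1, 1)}

# struts2-core-6.3.0.2.jar, struts2-core-7.0.0-SNAPSHOT.jar, ...
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)(?:[-.][A-Za-z0-9]+)*\.jar$")


def parse_version(text):
    """Turn '6.7.0', '7.1' or '6.3.0.2' into a comparable (major, minor, patch) tuple."""
    parts = [int(p) for p in re.match(r"\d+(?:\.\d+)*", text).group(0).split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_fixed(version):
    """True only for releases at or above the fix version of their line."""
    v = parse_version(version)
    if v[0] < 6:
        return False            # no fixed release named for older lines
    if v[0] == 6:
        return v >= FIXED[6]
    return v >= FIXED[7]        # 7.x and anything later


def jar_version(filename):
    """Version embedded in a struts2-core jar name, or None for any other jar."""
    m = JAR_RE.search(Path(filename).name)
    return m.group(1) if m else None


def assess_lib_dir(lib_dir):
    """Scan WEB-INF/lib; return [(jar_name, version, fixed)] for struts2-core jars."""
    results = []
    for jar in sorted(Path(lib_dir).glob("struts2-core-*.jar")):
        ver = jar_version(jar.name)
        if ver:
            results.append((jar.name, ver, is_fixed(ver)))
    return results


def _local(tag):
    return tag.rsplit("}", 1)[-1]   # strip the Maven XML namespace


def pom_struts_version(pom_xml):
    """Declared struts2-core version in a pom.xml string, resolving ${property}
    references against <properties>; None when the dependency is absent."""
    root = ET.fromstring(pom_xml)
    props = {}
    for el in root.iter():
        if _local(el.tag) == "properties":
            props = {_local(p.tag): (p.text or "").strip() for p in el}
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in dep}
        if fields.get("artifactId") == "struts2-core":
            ver = fields.get("version", "")
            m = re.fullmatch(r"\$\{(.+)\}", ver)
            return props.get(m.group(1), ver) if m else (ver or None)
    return None


# Constructed sample pom.xml pinning struts2-core through a property.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <properties>
    <struts.version>6.7.0</struts.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.struts</groupId>
      <artifactId>struts2-core</artifactId>
      <version>${struts.version}</version>
    </dependency>
  </dependencies>
</project>
"""

if __name__ == "__main__":
    # usage: python struts_version_check.py /path/to/WEB-INF/lib
    for name, ver, fixed in assess_lib_dir(sys.argv[1]):
        print(f"{name}: {ver} -> {'fixed' if fixed else 'UNPATCHED'}")
```

The jar scan is the authoritative check for a deployed WAR, since a build may shade or override what the pom declares; the pom check is useful for triaging many repositories before anything is deployed.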
📡 Detection & Monitoring
Log Indicators:
- Unusually large multipart requests
- Rapid disk space consumption
- File creation errors
- Out of disk space errors
Network Indicators:
- Large volume of multipart POST requests
- multipart/form-data requests to endpoints that do not accept uploads, or with malformed Content-Type or boundary values
SIEM Query:
source="*struts*" AND ("multipart" OR "disk full" OR "out of space")
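The network indicators above as detection logic over constructed log lines; this is an added example, not the advisory's SIEM query or Struts code. It assumes an access-log format that appends the request Content-Type and request body size to the combined format (for httpd with mod_logio, a LogFormat such as `%h %l %u %t "%r" %>s %b "%{Content-Type}i" %I`); the thresholds (20 multipart POSTs or 50 MB from one source within 60 seconds) are illustrative and should be tuned to the application's real upload traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed log layout (see lead-in): combined fields, then "<Content-Type>" <request bytes>.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ctype>[^"]*)" (?P<req_bytes>\d+)$'
)


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["req_bytes"] = int(rec["req_bytes"])
    rec["multipart"] = rec["method"] == "POST" and rec["ctype"].lower().startswith("multipart/form-data")
    return rec


def find_bursts(lines, window=timedelta(seconds=60), max_requests=20, max_bytes=50 * 1024 * 1024):
    """Sliding-window count of multipart POSTs per source IP.
    Returns {ip: (peak_requests, peak_bytes)} for sources that exceed either
    threshold inside any single window."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["multipart"]:
            events[rec["ip"]].append((rec["ts"], rec["req_bytes"]))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = total = peak_count = peak_bytes = 0
        for end, (ts, nbytes) in enumerate(evs):
            total += nbytes
            while ts - evs[start][0] > window:   # drop events that fell out of the window
                total -= evs[start][1]
                start += 1
            peak_count = max(peak_count, end - start + 1)
            peak_bytes = max(peak_bytes, total)
        if peak_count >= max_requests or peak_bytes >= max_bytes:
            flagged[ip] = (peak_count, peak_bytes)
    return flagged


# Constructed sample: one client sending 2 MB multipart POSTs every two seconds to an
# upload action, plus ordinary traffic from a second client.
_BASE = datetime(2025, 1, 10, 12, 0, 0, tzinfo=timezone.utc)


def _ts(seconds):
    return (_BASE + timedelta(seconds=seconds)).strftime("%d/%b/%Y:%H:%M:%S %z")


SAMPLE_LOG = [
    f'203.0.113.7 - - [{_ts(2 * i)}] "POST /upload.action HTTP/1.1" 200 512 '
    f'"multipart/form-data; boundary=----abc" 2097152'
    for i in range(25)
] + [
    f'198.51.100.4 - - [{_ts(5)}] "GET /index.action HTTP/1.1" 200 1843 "" 0',
    f'198.51.100.4 - - [{_ts(9)}] "POST /upload.action HTTP/1.1" 200 512 '
    f'"multipart/form-data; boundary=----def" 2097152',
]

if __name__ == "__main__":
    for ip, (count, nbytes) in find_bursts(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {count} multipart POSTs, {nbytes} bytes within 60s")
```

Counting only multipart POSTs keeps ordinary browsing out of the tally, and tracking bytes as well as request count catches a slow sender of very large uploads that a plain rate threshold would miss; correlate a hit with the disk-side indicators before concluding the leak is being exercised.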