Key Findings

- A new vulnerability, CVE-2025-68493, has been discovered in the Apache Struts 2 web application framework.
- The flaw, which affects multiple versions of Struts 2, allows for XML External Entity (XXE) injection attacks.
- The vulnerability can lead to data disclosure, denial of service, and server-side request forgery (SSRF).
- The issue stems from improper validation of XML configurations in the XWork component of Struts 2.

Background

Apache Struts 2 is a popular open