Apache Struts External Entity (XXE) Injection Vulnerability S2-069 (CVE-2025-68493)
janeiro 13, 2026
Overview Recently, NSFOCUS CERT detected that Apache issued a security bulletin to fix the Apache Struts external entity (XXE) injection vulnerability S2-069 (CVE-2025-68493); Because the XWork component of Apache Struts does not perform effective validation when parsing XML configuration, attackers can inject external entities by constructing malicious XML data to read sensitive server files, perform […]
