CIRT.GY | Apache Struts Security Advisory (December 3rd, 20

Apache Struts Security Advisory (December 3rd, 2025)

Ref# ADV2025_399 | Date: Dec 4th 2025

Apache published a security advisory highlighting vulnerabilities in the following products on November 11th, 2025. It is recommended that you take these necessary precautions by ensuring your products are always updated.

Apache Struts – versions Struts 2.0.0 to Struts 2.3.37 (EOL)
Apache Struts – versions Struts 2.5.0 to Struts 2.5.33 (EOL)
Apache Struts – versions Struts 6.0.0 to Struts 6.7.0
Apache Struts – versions Struts 7.0.0 to Struts 7.0.3

For more information on these updates, you can follow this URL:

https://cwiki.apache.org/confluence/display/WW/S2-068

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.

PDF Download: Apache Security Advisory

References

Security Bulletins. (November 11th, 2025). Retrieved from Confluence. https://cwiki.apache.org/confluence/#all-updates
Apache Struts security advisory (December 2nd, 2025). Retrieved from Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/apache-struts-security-advisory-av25-800