How to fix EUVD-2025-200019?

Within 24 hours: Inventory all Struts deployments and affected versions; assess exposure by identifying internet-facing or file-upload-enabled instances. Within 7 days: Implement compensating controls (WAF rules blocking oversized multipart requests, disable multipart uploads if not essential, enable disk usage monitoring/alerts). Within 30 days: Upgrade to Struts 6.8.0 or 7.1.1; validate patches in staging before production deployment.

Is Ubuntu affected by EUVD-2025-200019?

Apache Struts installations are vulnerable to a denial-of-service attack that exploits multipart request processing to exhaust disk space, potentially rendering affected applications unavailable.

EUVD-2025-200019

| CVE-2025-64775 HIGH

2025-12-01 [email protected]

GHSA-xx7v-hqxh-cjr9

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 15, 2026 - 13:34 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 13:34 euvd

EUVD-2025-200019

PoC Detected

Jan 26, 2026 - 11:30 vuln.today

Public exploit code

CVE Published

Dec 01, 2025 - 16:15 nvd

HIGH 7.5

Description

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

Analysis

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.

This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3.

Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

Technical Context

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users. This vulnerability is classified as Incomplete Cleanup (CWE-459).

Affected Products

Affected products: Apache Struts

Remediation

Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: +20

Vendor Status

Ubuntu

Priority: Medium

Debian

libstruts1.2-java

Release	Status	Fixed Version	Urgency
(unstable)	fixed	(unfixed)	-

EUVD-2025-200019 vulnerability details – vuln.today

Back

EUVD-2025-200019

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

EUVD-2025-200019

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code