DEV Community

zast ai

CRITICAL ALERT: Apache Struts2 XXE Exposed (CVE-2025-68493)

ZAST.AI discovered a high-severity XXE vulnerability in XWork-Core that allows threat actors to steal files and trigger SSRF.

The flaw was hidden in DomHelper's unconfigured SAX parser.

⚡ Discovered by ZAST.ai AI Agent — proving once again that AI-driven logic beats pattern matching.

Patch immediately (Struts2 <= 6.0.3)!

🔗 Vulnerability reports: https://cwiki.apache.org/confluence/display/WW/S2-069
