Articles tagged "Apache"

Found 4 articles

A serious vulnerability has been identified in multiple versions of the Apache Struts 2 framework, tracked as CVE-2025-68493. This XML external entity (XXE) injection flaw could allow attackers to gain unauthorized access to sensitive data, cause denial of service, or carry out server-side request forgery (SSRF). Organizations running affected versions of Apache Struts 2 are at risk of significant data breaches and disruptions. The issue emphasizes the need for developers and system administrators to keep their applications updated and secured against such vulnerabilities. Immediate action is necessary to mitigate potential exploitation.

Impact: Apache Struts 2 framework versions affected by CVE-2025-68493
Remediation: Update to the latest version of Apache Struts 2 that addresses CVE-2025-68493. Implement input validation and restrict XML parsing to mitigate the risk of XML external entity injection.

Atlassian has addressed a significant security vulnerability in Apache Tika, which affects several of its products, including Bamboo, Bitbucket, Confluence, Crowd, Fisheye/Crucible, and Jira. The flaw could allow attackers to exploit the software, putting user data at risk. The company has released software updates to patch the vulnerability and urges users to apply them promptly so their systems remain secure. This incident underscores the importance of regularly updating software to protect against known vulnerabilities. Users of the affected products should prioritize these updates to safeguard their environments from potential exploitation.

Impact: Bamboo, Bitbucket, Confluence, Crowd, Fisheye/Crucible, Jira
Remediation: Software updates released by Atlassian for affected products.

The article discusses a dual campaign targeting GlobalProtect portals and SonicWall APIs, highlighting a critical XXE vulnerability found in Apache software. This vulnerability poses a significant risk, necessitating immediate attention from affected organizations to mitigate potential exploitation.

Impact: GlobalProtect portals, SonicWall APIs, Apache software
Remediation: Organizations should apply patches and updates to affected Apache software and review configurations to mitigate the risk of exploitation.

A critical security vulnerability, CVE-2025-66516, has been identified in Apache Tika, posing a risk of XML external entity (XXE) injection attacks. With a CVSS score of 10.0, this flaw affects multiple modules and requires urgent attention from users to prevent exploitation.

Impact: Affected products include Apache Tika tika-core (versions 1.13-3.2.1), tika-pdf-module (versions 2.0.0-3.2.1), and tika-parsers (versions 1.13-1.28.5) across all platforms.
Remediation: Users are advised to apply the latest patches for the affected modules (affected version ranges in parentheses): tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1), and tika-parsers (1.13-1.28.5) to mitigate the vulnerability.