Improper Output Neutralization Vulnerability in Apache Struts by Apache
CVE-2025-54656
Currently unrated
What is CVE-2025-54656?
A vulnerability in Apache Struts related to improper output neutralization for logs allows untrusted input to be printed to logs without filtering. This can result in misleading log entries, because specially crafted input can cause parts of a message to be misinterpreted as separate log lines. This issue affects earlier versions of Apache Struts Extras, which are no longer maintained. Users should restrict access to affected instances or consider migrating to supported alternatives to mitigate the risks associated with this vulnerability.
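
The general mitigation for this class of issue is to neutralize line breaks and other control characters in untrusted values before they reach a log message. The following is an added illustration, not code from Apache Struts or from this advisory; the class name, method name, log format, and sample value are assumptions constructed for the example.

```java
public class LogNeutralizationDemo {

    // Replace characters that a log viewer may treat as a line break, and any
    // other control characters, with a visible marker so that one logged
    // event always stays on one physical line.
    static String neutralize(String untrusted) {
        if (untrusted == null) {
            return "(null)";
        }
        StringBuilder out = new StringBuilder(untrusted.length() + 16);
        for (int i = 0; i < untrusted.length(); i++) {
            char c = untrusted.charAt(i);
            if (c == '\r') {
                out.append("\\r");
            } else if (c == '\n') {
                out.append("\\n");
            } else if (Character.isISOControl(c) || c == 0x2028 || c == 0x2029) {
                // Covers the remaining C0/C1 controls (including NEL, U+0085)
                // and the Unicode line and paragraph separators.
                out.append(String.format("<U+%04X>", (int) c));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: a request parameter value carrying a line break
        // followed by text shaped like a separate log entry.
        String param = "guest\r\n2025-01-01 00:00:00 INFO  login ok user=admin";
        String prefix = "2025-01-01 00:00:00 WARN  login failed user=";

        String unsafe = prefix + param;             // value logged as received
        String safe = prefix + neutralize(param);   // value neutralized first

        // \R matches any line break sequence, so this counts physical lines.
        System.out.println("unfiltered entry spans " + unsafe.split("\\R").length + " line(s)");
        System.out.println("neutralized entry spans " + safe.split("\\R").length + " line(s)");
        System.out.println(safe);
    }
}
```

When reviewing logs written by an affected instance, treat any entry that begins immediately after user-controlled data as unverified, since the original line boundaries cannot be trusted.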