CVE-2025-66675

HIGH

Security Bulletin: Vulnerabilities Addressed in IBM Tivoli Network Manager IP Edition (ITNM) version 4.2 Fix Pack 24 (4.2.0.24)

Details

CVSS v3: 8.2
NVD published: 2025-12-10 10:16:02
EPSS: 0.1% probability · 31.6th percentile — 2026-04-08
Affected versions: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
Summary: Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue. It's related to https://cve.org/CVERecord?id=CVE-2025-64775 - this CVE addresses missing affected version 6.7.4
Remediation: Not available in our cache.
Exploit info: Not available in our cache.

View on NVD

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.