{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T09:12:01.318","vulnerabilities":[{"cve":{"id":"CVE-2025-54656","sourceIdentifier":"security@apache.org","published":"2025-07-30T16:15:28.693","lastModified":"2025-11-04T22:16:29.117","vulnStatus":"Modified","cveTags":[{"sourceIdentifier":"security@apache.org","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"** UNSUPPORTED WHEN ASSIGNED ** Improper Output Neutralization for Logs vulnerability in Apache Struts.\n\nThis issue affects Apache Struts Extras: before 2.\n\nWhen using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead to log output where part of the message masquerades as a separate log line, confusing consumers of the logs (either human or automated). \n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer."},{"lang":"es","value":"** NO SOPORTADO CUANDO SE ASIGNÓ ** Vulnerabilidad de neutralización de salida incorrecta para registros en Apache Struts. Este problema afecta a Apache Struts Extras: versiones anteriores a la 2. Al usar LookupDispatchAction, en algunos casos, Struts puede imprimir entradas no confiables en los registros sin ningún filtro. Una entrada especialmente manipulada puede generar una salida de registro donde parte del mensaje se hace pasar por una línea de registro independiente, lo que confunde a los usuarios (ya sean humanos o automatizados). Dado que este proyecto está retirado, no planeamos publicar una versión que solucione este problema. Se recomienda a los usuarios buscar una alternativa o restringir el acceso a la instancia a usuarios de confianza. \nNOTA: Esta vulnerabilidad solo afecta a los productos que ya no reciben soporte del fabricante."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-117"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:struts_extras:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0","matchCriteriaId":"B28F17ED-2F73-48A0-BAE8-91B3C9AE1B24"}]}]}],"references":[{"url":"https:\/\/lists.apache.org\/thread\/so5cn07j2zn9vlf1xnfqp630wts719rr","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http:\/\/www.openwall.com\/lists\/oss-security\/2025\/07\/30\/1","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}