Open Nav
Sign Up

Critical RCE Vulnerability CVE-2023-50164 in Apache Struts 2

CVE 2023-50164 critical vulnerability

Bar Refael

December 24, 2023

A new critical remote code execution (RCE) vulnerability, CVE-2023-50164, has been identified in Apache Struts 2, a popular open source web application framework. This flaw is related to file upload logic and could lead to incorrect path traversal, allowing an attacker to upload and execute malicious files. Given the severity of this vulnerability and the history of similar vulnerabilities being exploited in large-scale attacks, it is imperative that it be patched immediately.

CVE-2023-50164 Vulnerability Details

  • Framework: Apache Struts 2
  • Vulnerability ID: CVE-2023-50164
  • Severity: Critical
  • Impacted Versions:
    • Struts 2.3.37 (End of Life)
    • Struts 2.5.0 to 2.5.32
    • Struts 6.0.0 to 6.3.0
  • Patched Versions:
    • Struts 2.5.33
    • Struts 6.3.0.2 or later
  • Discovery: Steven Seeley of Source Incite
  • Impact: Remote Code Execution via file upload and path traversal

Technical Analysis

This vulnerability is caused by a flaw in the file upload logic within the Struts 2 framework. This flaw allows unauthorized path traversal, allowing an attacker to upload malicious files to the server. Once uploaded, this file can be executed, resulting in complete remote code execution on the affected server. This vulnerability is of particular concern because Struts 2 is commonly used in enterprise web applications.

Mitigation Steps

  1. Immediate Patching Required: Administrators of applications using Apache Struts 2 should immediately upgrade to Struts version 2.5.33 or 6.3.0.2 or later.
  2. No Workarounds Available: There are no alternative workarounds to mitigate this issue, making upgrading the only solution.
  3. Verify Application Integrity: Post-upgrade, verify the integrity of web applications and check for any signs of compromise.
  4. Regular Security Audits: Conduct regular security audits of the applications to ensure ongoing security and compliance.

Related Threats and Precedents

  • Historical Exploits: A similar vulnerability in Apache Struts (CVE-2017-5638) was exploited in the notorious Equifax breach in 2017, emphasizing the potential risk of such vulnerabilities being targeted by threat actors.

Conclusion

Given the critical nature of CVE-2023-50164 and the widespread use of Apache Struts 2 in enterprise web applications, this vulnerability poses a significant risk. Since there is no workaround, you should patch it immediately to prevent potential exploits that are reminiscent of previous large-scale security breaches.

Recommendations for Developers and Administrators

  • Upgrade to the patched versions of Apache Struts immediately.
  • Regularly update and audit all components of web applications.
  • Monitor for suspicious activities indicating a breach or an attempt to exploit this vulnerability.

Intelligence Source Attribution

This CTI report is based on security advisories published by Apache and information from Source Incite, which discovered and reported the bug. The historical context in which similar vulnerabilities have been exploited in major cyberattacks underscores the urgency of addressing this issue.

Resources highlights

High-Severity WordPress Vulnerability in Forminator Plugin (CVE-2025-6463)

A critical vulnerability in the Forminator plugin, one of the most popular form-building plugins in Wordpress, allows unauthenticated attackers to delete arbitrary files on the…

Read more >

CVE-2025-6463

CVE-2025-6554: Chrome V8 Zero-Day Exploited in the Wild

On June 30, 2025, Google issued an emergency patch for a critical zero-day vulnerability in its Chrome browser, tracked as CVE-2025-6554. The flaw resides in…

Read more >

CVE-2025-6554

Critical Cisco ISE Vulnerabilities Lead to Unauthenticated RCE (CVE-2025-20281 & CVE-2025-20282)

On June 25, 2025, Cisco disclosed and patched two critical remote code execution (RCE) vulnerabilities: CVE-2025-20281 and CVE-2025-20282, affecting its widely deployed Identity Services Engine…

Read more >

CVE-2025-20281 & CVE-2025-20282

Critical Vulnerability in MegaRAC BMC Added to CISA’s KEV: CVE-2024-54085

On June 25, 2025, CISA added CVE‑2024‑54085, a critical authentication bypass vulnerability in the MegaRAC SPx Baseboard Management Controller (BMC) firmware, to its Known Exploited…

Read more >

CVE-2024-54085

‘UMBRELLA STAND’ Malware Targets Fortinet FortiGate Firewalls

‘UMBRELLA STAND’ Malware Targets Fortinet FortiGate Firewalls The UK’s National Cyber Security Centre (NCSC) has issued an alert regarding a sophisticated malware campaign dubbed “UMBRELLA…

Read more >

umbrella stand fortinet

CVE-2025-49144: Privilege Escalation in Notepad++ Installer Enables Full SYSTEM Access

A critical local privilege escalation vulnerability in the Notepad++ v8.8.1 installer allows attackers to escalate to NT AUTHORITY\SYSTEM using binary planting techniques. Tracked as CVE-2025-49144,…

Read more >

CVE-2025-49144
Under Cyber Attack?

Fill out the form and we will contact you immediately.