CVE-2021-25749 is a vulnerability that affects the popular open-source web application framework, Apache Struts. The flaw could allow attackers to execute arbitrary code on a targeted system by sending a specially crafted HTTP request. The vulnerability was rated as critical, with a CVSS score of 9.8 out of 10.
The vulnerability was discovered by security researcher Nikhil Mittal in March 2021 and was promptly reported to the Apache Struts development team. A patch addressing the issue was released on April 24, 2021. However, not all users may have updated their systems, and those who have not remain at risk of exploitation.
If successfully exploited, an attacker could gain complete control over the affected system, allowing them to steal sensitive data, install malware and carry out other malicious activities. It is essential for organizations to apply security patches as soon as they become available and regularly update their software to prevent such vulnerabilities from being exploited.