Years-Old Vulnerable Apache Struts 2 Versions See 387K Weekly Downloads

Over 387,000 users downloaded vulnerable Apache Struts versions this week. Exclusive Sonatype research reveals a high-risk flaw found by AI. Is your system at risk?

It turns out that even in the world of software, ‘old’ doesn’t mean ‘gone.’ In a report shared with Hackread.com, cybersecurity researchers at Sonatype revealed a massive spike in downloads of long-outdated Apache Struts versions.

We are talking about a specific flaw called CVE-2025-68493. What makes this discovery unique is how it was found. According to the Apache Struts security bulletin (S2-069), it was identified by Zast AI, an autonomous AI security research system.

As we know it, AI is now hunting for bugs faster than humans can, which is a bit of a double-edged sword because while it finds the holes, it also gives organisations almost no time to react before someone else exploits them.