Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected


A critical vulnerability in Apache Struts (CVE-2024-53677, CVSS 9.5) allows attackers to abuse file upload parameters to achieve remote code execution. It affects Struts versions 2.0.0 to 2.3.37, 2.5.0 to 2.5.33, and 6.0.0 to 6.3.0.2. Exploitation attempts matching a public PoC have been detected. Users should upgrade to Struts 6.4.0 or later, implement the new Action File Upload mechanism, and monitor systems for potential exploitation activity. The flaw underscores how critical it is to keep IT infrastructure up to date.
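To find deployments that fall in the affected ranges above, the following added example (not part of the original alert and not Apache tooling) classifies `struts2-core` JAR filenames by version. The sample paths are constructed, and the `not-listed` label is an assumption for versions the alert does not mention.

```python
import re
from pathlib import Path

# Affected ranges exactly as listed in the alert (inclusive bounds).
AFFECTED_RANGES = [
    ("2.0.0", "2.3.37"),
    ("2.5.0", "2.5.33"),
    ("6.0.0", "6.3.0.2"),
]
FIXED_FROM = "6.4.0"  # the alert says to upgrade to 6.4.0 or later

# struts2-core is the Maven artifact name; a suffix such as -SNAPSHOT is tolerated.
JAR_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+)*)\b.*\.jar$")

def parse_version(text, width=4):
    """Turn '6.3.0.2' into (6, 3, 0, 2), zero-padded so 6.4 == 6.4.0."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * max(0, width - len(parts))

def classify(version):
    """Return 'affected', 'fixed-version', or 'not-listed' (assumed label)."""
    v = parse_version(version)
    for low, high in AFFECTED_RANGES:
        if parse_version(low) <= v <= parse_version(high):
            return "affected"
    if v >= parse_version(FIXED_FROM):
        # The version alone does not show that the application was moved
        # to the new Action File Upload mechanism; check that separately.
        return "fixed-version"
    return "not-listed"

def scan(paths):
    """Classify every struts2-core JAR found in an iterable of file paths."""
    findings = []
    for p in paths:
        m = JAR_RE.match(Path(p).name)
        if m:
            findings.append((str(p), m.group(1), classify(m.group(1))))
    return findings

if __name__ == "__main__":
    # Constructed sample paths, standing in for a real walk of WEB-INF/lib.
    sample = [
        "/opt/app1/WEB-INF/lib/struts2-core-2.5.33.jar",
        "/opt/app2/WEB-INF/lib/struts2-core-6.3.0.2.jar",
        "/opt/app3/WEB-INF/lib/struts2-core-6.4.0.jar",
        "/opt/app3/WEB-INF/lib/commons-io-2.11.0.jar",
    ]
    for path, version, status in scan(sample):
        print(f"{status:14} {version:10} {path}")
```

On a real host, feed `scan()` the output of `Path(root).rglob("struts2-core-*.jar")`; JARs repackaged under other names or shaded into fat archives will not be found by filename.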
