CVE-2025-41235: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies

HIGH | MAY 27, 2025 | CVE-2025-41235

Description

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers it receives from untrusted proxies to downstream services. Because the headers are accepted from any peer, a client that connects to the gateway directly can supply its own values, and a downstream service that relies on these headers (for example for client-address logging or access decisions) sees attacker-controlled data.

Affected Spring Products and Versions

Spring Cloud Gateway Server:

  • 2.2.10.RELEASE - 4.2.2, 4.3.0-{M1, M2, RC1}

Spring Cloud Gateway Server MVC:

  • 4.1.7 - 4.2.2, 4.3.0-{M1, M2, RC1}

Mitigation

Users of affected versions should upgrade to the corresponding fixed version.

Affected version(s)     Fix version   Availability
4.3.0-{M1, M2, RC1}     4.3.0         OSS
4.2.x                   4.2.3         OSS
4.1.x                   4.1.8         OSS
4.0.x                   4.0.12        Commercial
3.1.x                   3.1.10        Commercial

NOTE: Older, unsupported versions are also impacted and should upgrade to a supported version.

In the fix versions the X-Forwarded-* and Forwarded header functionality is disabled by default. If you require X-Forwarded-* or Forwarded header functionality, do the following after upgrading:

  1. Set spring.cloud.gateway.trusted-proxies to a Java regular expression that matches the addresses of the proxies whose headers you trust. The expression is tested against the address of the peer that connected to the gateway; forwarding headers arriving from any other peer are not trusted. If you are using Spring Cloud Gateway Server MVC (only available from 4.1.x onward), set spring.cloud.gateway.mvc.trusted-proxies instead. For example, for Spring Cloud Gateway Server:

spring.cloud.gateway.trusted-proxies=10\.0\.0\..*

For Spring Cloud Gateway Server MVC:

spring.cloud.gateway.mvc.trusted-proxies=10\.0\.0\..*

If you cannot upgrade, disable the header functionality entirely:

  • If you are using spring-cloud-starter-gateway, set spring.cloud.gateway.forwarded.enabled=false and spring.cloud.gateway.x-forwarded.enabled=false.
  • If you are using spring-cloud-starter-gateway-mvc (only available from 4.1.x onward), set spring.cloud.gateway.mvc.forwarded-request-headers-filter.enabled=false and spring.cloud.gateway.mvc.x-forwarded-request-headers-filter.enabled=false.
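The following Python is an added illustration, not code from this advisory or from Spring Cloud Gateway itself. It models the policy that the trusted-proxies setting and the enabled=false workaround above express: inbound X-Forwarded-* and Forwarded headers are honoured only when the connecting peer matches the trusted-proxies regex, and with the feature disabled nothing is forwarded or added. The header dictionary, the peer addresses and the request data are constructed for the example; the regex is the advisory's own (10\.0\.0\..*), and it is applied with re.fullmatch because Java's Pattern matches() is a whole-string match. The gateway's actual filter internals are not reproduced here.

```python
"""Constructed model of the trusted-proxies check; not Spring Cloud Gateway's code."""
import re
from typing import Dict, Optional, Pattern

# The regex from the advisory. Java's Pattern.matcher(s).matches() matches the
# whole string, so the Python equivalent is re.fullmatch, not re.search.
TRUSTED_PROXIES: Pattern[str] = re.compile(r"10\.0\.0\..*")

# Header names the gateway owns (compared case-insensitively).
FORWARDING_HEADERS = frozenset({
    "x-forwarded-for", "x-forwarded-host", "x-forwarded-proto",
    "x-forwarded-port", "x-forwarded-prefix", "forwarded",
})
CHAIN_HEADERS = ("x-forwarded-for", "forwarded")


def _get(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup on the constructed header dict."""
    for k, v in headers.items():
        if k.lower() == name.lower():
            return v
    return None


def _append_chain(incoming: Dict[str, str], out: Dict[str, str], peer: str) -> None:
    """Append the peer to X-Forwarded-For and Forwarded, creating them if absent."""
    xff = _get(incoming, "X-Forwarded-For")
    out["X-Forwarded-For"] = f"{xff},{peer}" if xff else peer
    fwd = _get(incoming, "Forwarded")
    out["Forwarded"] = f"{fwd}, for={peer}" if fwd else f"for={peer}"


def forward_headers_unpatched(peer: str, incoming: Dict[str, str]) -> Dict[str, str]:
    """Vulnerable behaviour: the inbound chain is kept whoever the peer is, so a
    client connecting directly can put any address at the front of it."""
    out = dict(incoming)
    _append_chain(incoming, out, peer)
    return out


def forward_headers_patched(peer: str, incoming: Dict[str, str],
                            trusted: Optional[Pattern[str]] = TRUSTED_PROXIES,
                            enabled: bool = True) -> Dict[str, str]:
    """Hardened behaviour: inbound forwarding headers are honoured only when the
    peer matches the trusted-proxies regex. enabled=False models the
    *.enabled=false workaround: nothing is forwarded and nothing is added."""
    # Strip every inbound forwarding header first; they come back only if earned.
    out = {k: v for k, v in incoming.items() if k.lower() not in FORWARDING_HEADERS}
    if not enabled:
        return out
    if trusted is not None and trusted.fullmatch(peer):
        # Trusted proxy: pass its other X-Forwarded-* values through unchanged
        # and extend the address chain with the proxy itself.
        for k, v in incoming.items():
            if k.lower() in FORWARDING_HEADERS and k.lower() not in CHAIN_HEADERS:
                out[k] = v
        _append_chain(incoming, out, peer)
    else:
        # Untrusted peer (or no trusted list): restart the chain at the address
        # the gateway actually observed on the socket.
        _append_chain({}, out, peer)
    return out


def is_trusted(peer: str, trusted: Pattern[str] = TRUSTED_PROXIES) -> bool:
    """Whole-string match, as Java's matches() does."""
    return trusted.fullmatch(peer) is not None


def unanchored_search_accepts(peer: str, trusted: Pattern[str] = TRUSTED_PROXIES) -> bool:
    """What a substring search would do with the same regex: it also accepts
    addresses such as 210.0.0.5. Anchor the expression if the matcher is unclear."""
    return trusted.search(peer) is not None


if __name__ == "__main__":
    # Constructed request: a direct client claims to be the loopback address.
    spoofed = {"Host": "api.internal", "X-Forwarded-For": "127.0.0.1"}
    print("unpatched:", forward_headers_unpatched("203.0.113.7", spoofed)["X-Forwarded-For"])
    print("patched:  ", forward_headers_patched("203.0.113.7", spoofed)["X-Forwarded-For"])
```

Two operational points follow from the model. The regex is tested against the peer's socket address as the runtime renders it, so an IPv4-mapped IPv6 form such as ::ffff:10.0.0.5 does not match 10\.0\.0\..*; check what your listener reports before relying on an IPv4-only pattern. And because the advisory's pattern is unanchored, it is only safe under whole-string matching; an explicitly anchored pattern such as ^10\.0\.0\.\d{1,3}$ states the intent and does not depend on which matcher is used.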

Credit

This vulnerability was discovered and responsibly reported by Vilius Šumskas.
