MEDIUM | JULY 15, 2025 | CVE-2025-22227
Description: In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects. Affected Spring Products and Versions: Reactor…
MEDIUM | JUNE 12, 2025 | CVE-2025-41234
Description: In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is…
HIGH | MAY 27, 2025 | CVE-2025-41235
Description: Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies. Affected Spring Products and Versions: Spring Cloud Gateway Server: 2.2.10.RELEASE - 4.2.2, 4.3.0-{M1, M2, RC1}; Spring Cloud Gateway Server MVC:…
MEDIUM | MAY 19, 2025 | CVE-2025-41232
Description: Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecurity(mode…
LOW | MAY 15, 2025 | CVE-2025-22233
Description: CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected…
MEDIUM | APRIL 24, 2025 | CVE-2025-22235
Description: EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use…
MEDIUM | APRIL 22, 2025 | CVE-2025-22234
Description: The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. Affected Spring Products and Versions: Spring Security: 5.7.16 only, 5.8.18 only, 6.0.16 only, 6.1.14 only, 6.2.10 only, 6.3.…
MEDIUM | APRIL 07, 2025 | CVE-2025-22232
Description: Spring Cloud Config Server may not use the Vault token sent by clients using an X-CONFIG-TOKEN header when making requests to Vault. Your application may be affected by this if the following are true: You have Spring Vault on the classpath of your…
HIGH | MARCH 19, 2025 | CVE-2025-22228
Description: BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same. Affected Spring Products and Versions: Spring Security: 5.7.0 - 5.7.15, 5.8.0 -…
MEDIUM | MARCH 19, 2025 | CVE-2025-22223
Description: Spring Security may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecurity…