cvelistv5 - cve-2025-22235

CVE-2025-22235 (GCVE-0-2025-22235)

Vulnerability from cvelistv5

Published

2025-04-28 07:10

Modified

2025-05-16 23:03

Severity ?

7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-20 - Improper Input Validation

Summary

EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: * You use Spring Security * EndpointRequest.to() has been used in a Spring Security chain configuration * The endpoint which EndpointRequest references is disabled or not exposed via web * Your application handles requests to /null and this path needs protection You are not affected if any of the following is true: * You don't use Spring Security * You don't use EndpointRequest.to() * The endpoint which EndpointRequest.to() refers to is enabled and is exposed * Your application does not handle requests to /null or this path does not need protection

References

►

URL

Tags

	security@vmware.com	https://spring.io/security/cve-2025-22235
	af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20250516-0010/

Impacted products

	Vendor	Product	Version
	Spring	Spring Boot	Version: 2.7.x Version: 3.1.x Version: 3.2.x Version: 3.3.x Version: 3.4.x

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-22235",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-28T16:16:38.622106Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-28T16:18:23.559Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-05-16T23:03:06.227Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250516-0010/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Spring Boot",
          "vendor": "Spring",
          "versions": [
            {
              "lessThan": "2.7.25",
              "status": "affected",
              "version": "2.7.x",
              "versionType": "Enterprise Support Only"
            },
            {
              "lessThan": "3.1.16",
              "status": "affected",
              "version": "3.1.x",
              "versionType": "Enterprise Support Only"
            },
            {
              "lessThan": "3.2.14",
              "status": "affected",
              "version": "3.2.x",
              "versionType": "Enterprise Support Only"
            },
            {
              "lessThan": "3.3.11",
              "status": "affected",
              "version": "3.3.x",
              "versionType": "OSS"
            },
            {
              "lessThan": "3.4.5",
              "status": "affected",
              "version": "3.4.x",
              "versionType": "OSS"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003ccode\u003eEndpointRequest.to()\u003c/code\u003e\u0026nbsp;creates a matcher for \u003ccode\u003enull/**\u003c/code\u003e\u0026nbsp;if the actuator endpoint, for which the \u003ccode\u003eEndpointRequest\u003c/code\u003e\u0026nbsp;has been created, is disabled or not exposed.\u003c/p\u003e\u003cp\u003eYour application may be affected by this if all the following conditions are met:\u003c/p\u003e\u003cul\u003e\u003cli\u003eYou use Spring Security\u003c/li\u003e\u003cli\u003e\u003ccode\u003eEndpointRequest.to()\u003c/code\u003e\u0026nbsp;has been used in a Spring Security chain configuration\u003c/li\u003e\u003cli\u003eThe endpoint which \u003ccode\u003eEndpointRequest\u003c/code\u003e\u0026nbsp;references is disabled or not exposed via web\u003c/li\u003e\u003cli\u003eYour application handles requests to \u003ccode\u003e/null\u003c/code\u003e\u0026nbsp;and this path needs protection\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eYou are not affected if any of the following is true:\u003c/p\u003e\u003cul\u003e\u003cli\u003eYou don\u0027t use Spring Security\u003c/li\u003e\u003cli\u003eYou don\u0027t use \u003ccode\u003eEndpointRequest.to()\u003c/code\u003e\u003c/li\u003e\u003cli\u003eThe endpoint which \u003ccode\u003eEndpointRequest.to()\u003c/code\u003e\u0026nbsp;refers to is enabled and is exposed\u003c/li\u003e\u003cli\u003eYour application does not handle requests to \u003ccode\u003e/null\u003c/code\u003e\u0026nbsp;or this path does not need protection\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
            }
          ],
          "value": "EndpointRequest.to()\u00a0creates a matcher for null/**\u00a0if the actuator endpoint, for which the EndpointRequest\u00a0has been created, is disabled or not exposed.\n\nYour application may be affected by this if all the following conditions are met:\n\n  *  You use Spring Security\n  *  EndpointRequest.to()\u00a0has been used in a Spring Security chain configuration\n  *  The endpoint which EndpointRequest\u00a0references is disabled or not exposed via web\n  *  Your application handles requests to /null\u00a0and this path needs protection\n\n\nYou are not affected if any of the following is true:\n\n  *  You don\u0027t use Spring Security\n  *  You don\u0027t use EndpointRequest.to()\n  *  The endpoint which EndpointRequest.to()\u00a0refers to is enabled and is exposed\n  *  Your application does not handle requests to /null\u00a0or this path does not need protection"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-28T07:10:35.370Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://spring.io/security/cve-2025-22235"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2025-22235",
    "datePublished": "2025-04-28T07:10:35.370Z",
    "dateReserved": "2025-01-02T04:30:06.832Z",
    "dateUpdated": "2025-05-16T23:03:06.227Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-22235\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2025-04-28T08:15:15.273\",\"lastModified\":\"2025-05-16T23:15:19.600\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"EndpointRequest.to()\u00a0creates a matcher for null/**\u00a0if the actuator endpoint, for which the EndpointRequest\u00a0has been created, is disabled or not exposed.\\n\\nYour application may be affected by this if all the following conditions are met:\\n\\n  *  You use Spring Security\\n  *  EndpointRequest.to()\u00a0has been used in a Spring Security chain configuration\\n  *  The endpoint which EndpointRequest\u00a0references is disabled or not exposed via web\\n  *  Your application handles requests to /null\u00a0and this path needs protection\\n\\n\\nYou are not affected if any of the following is true:\\n\\n  *  You don\u0027t use Spring Security\\n  *  You don\u0027t use EndpointRequest.to()\\n  *  The endpoint which EndpointRequest.to()\u00a0refers to is enabled and is exposed\\n  *  Your application does not handle requests to /null\u00a0or this path does not need protection\"},{\"lang\":\"es\",\"value\":\"EndpointRequest.to() crea un comparador para null/** si el endpoint del actuador, para el que se cre\u00f3 EndpointRequest, est\u00e1 deshabilitado o no est\u00e1 expuesto. Su aplicaci\u00f3n puede verse afectada si se cumplen todas las siguientes condiciones: * Utiliza Spring Security * EndpointRequest.to() se ha utilizado en una configuraci\u00f3n de cadena de Spring Security * El punto final al que EndpointRequest hace referencia est\u00e1 deshabilitado o no est\u00e1 expuesto a trav\u00e9s de la web * Su aplicaci\u00f3n gestiona solicitudes a /null y esta ruta necesita protecci\u00f3n no se ver\u00e1 afectado si se cumple alguna de las siguientes condiciones: * No utiliza Spring Security * No utiliza EndpointRequest.to() * El endpoint al que EndpointRequest.to() hace referencia est\u00e1 habilitado y est\u00e1 expuesto * Su aplicaci\u00f3n no gestiona solicitudes a /null o esta ruta no necesita protecci\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"references\":[{\"url\":\"https://spring.io/security/cve-2025-22235\",\"source\":\"security@vmware.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20250516-0010/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20250516-0010/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-05-16T23:03:06.227Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-22235\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-28T16:16:38.622106Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-28T16:18:14.845Z\"}}], \"cna\": {\"title\": \"Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Spring\", \"product\": \"Spring Boot\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.7.x\", \"lessThan\": \"2.7.25\", \"versionType\": \"Enterprise Support Only\"}, {\"status\": \"affected\", \"version\": \"3.1.x\", \"lessThan\": \"3.1.16\", \"versionType\": \"Enterprise Support Only\"}, {\"status\": \"affected\", \"version\": \"3.2.x\", \"lessThan\": \"3.2.14\", \"versionType\": \"Enterprise Support Only\"}, {\"status\": \"affected\", \"version\": \"3.3.x\", \"lessThan\": \"3.3.11\", \"versionType\": \"OSS\"}, {\"status\": \"affected\", \"version\": \"3.4.x\", \"lessThan\": \"3.4.5\", \"versionType\": \"OSS\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://spring.io/security/cve-2025-22235\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"EndpointRequest.to()\\u00a0creates a matcher for null/**\\u00a0if the actuator endpoint, for which the EndpointRequest\\u00a0has been created, is disabled or not exposed.\\n\\nYour application may be affected by this if all the following conditions are met:\\n\\n  *  You use Spring Security\\n  *  EndpointRequest.to()\\u00a0has been used in a Spring Security chain configuration\\n  *  The endpoint which EndpointRequest\\u00a0references is disabled or not exposed via web\\n  *  Your application handles requests to /null\\u00a0and this path needs protection\\n\\n\\nYou are not affected if any of the following is true:\\n\\n  *  You don\u0027t use Spring Security\\n  *  You don\u0027t use EndpointRequest.to()\\n  *  The endpoint which EndpointRequest.to()\\u00a0refers to is enabled and is exposed\\n  *  Your application does not handle requests to /null\\u00a0or this path does not need protection\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003ccode\u003eEndpointRequest.to()\u003c/code\u003e\u0026nbsp;creates a matcher for \u003ccode\u003enull/**\u003c/code\u003e\u0026nbsp;if the actuator endpoint, for which the \u003ccode\u003eEndpointRequest\u003c/code\u003e\u0026nbsp;has been created, is disabled or not exposed.\u003c/p\u003e\u003cp\u003eYour application may be affected by this if all the following conditions are met:\u003c/p\u003e\u003cul\u003e\u003cli\u003eYou use Spring Security\u003c/li\u003e\u003cli\u003e\u003ccode\u003eEndpointRequest.to()\u003c/code\u003e\u0026nbsp;has been used in a Spring Security chain configuration\u003c/li\u003e\u003cli\u003eThe endpoint which \u003ccode\u003eEndpointRequest\u003c/code\u003e\u0026nbsp;references is disabled or not exposed via web\u003c/li\u003e\u003cli\u003eYour application handles requests to \u003ccode\u003e/null\u003c/code\u003e\u0026nbsp;and this path needs protection\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eYou are not affected if any of the following is true:\u003c/p\u003e\u003cul\u003e\u003cli\u003eYou don\u0027t use Spring Security\u003c/li\u003e\u003cli\u003eYou don\u0027t use \u003ccode\u003eEndpointRequest.to()\u003c/code\u003e\u003c/li\u003e\u003cli\u003eThe endpoint which \u003ccode\u003eEndpointRequest.to()\u003c/code\u003e\u0026nbsp;refers to is enabled and is exposed\u003c/li\u003e\u003cli\u003eYour application does not handle requests to \u003ccode\u003e/null\u003c/code\u003e\u0026nbsp;or this path does not need protection\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"shortName\": \"vmware\", \"dateUpdated\": \"2025-04-28T07:10:35.370Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-22235\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-16T23:03:06.227Z\", \"dateReserved\": \"2025-01-02T04:30:06.832Z\", \"assignerOrgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"datePublished\": \"2025-04-28T07:10:35.370Z\", \"assignerShortName\": \"vmware\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

ghsa-rc42-6c7j-7h5r

Vulnerability from github

Published

2025-04-28 09:31

Modified

2025-05-17 00:30

Severity ?

7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed

Details

EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed.

Your application may be affected by this if all the following conditions are met:

You use Spring Security
EndpointRequest.to() has been used in a Spring Security chain configuration
The endpoint which EndpointRequest references is disabled or not exposed via web
Your application handles requests to /null and this path needs protection

You are not affected if any of the following is true:

You don't use Spring Security
You don't use EndpointRequest.to()
The endpoint which EndpointRequest.to() refers to is enabled and is exposed
Your application does not handle requests to /null or this path does not need protection

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.boot:spring-boot"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.7.24.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.boot:spring-boot"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "last_affected": "3.1.15.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.boot:spring-boot"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.2.0"
            },
            {
              "last_affected": "3.2.13.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.3.10"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.boot:spring-boot"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.3.0"
            },
            {
              "fixed": "3.3.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.4.4"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.boot:spring-boot"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.4.0"
            },
            {
              "fixed": "3.4.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-22235"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-28T20:59:16Z",
    "nvd_published_at": "2025-04-28T08:15:15Z",
    "severity": "HIGH"
  },
  "details": "EndpointRequest.to()\u00a0creates a matcher for null/**\u00a0if the actuator endpoint, for which the EndpointRequest\u00a0has been created, is disabled or not exposed.\n\nYour application may be affected by this if all the following conditions are met:\n\n  *  You use Spring Security\n  *  EndpointRequest.to()\u00a0has been used in a Spring Security chain configuration\n  *  The endpoint which EndpointRequest\u00a0references is disabled or not exposed via web\n  *  Your application handles requests to /null\u00a0and this path needs protection\n\n\nYou are not affected if any of the following is true:\n\n  *  You don\u0027t use Spring Security\n  *  You don\u0027t use EndpointRequest.to()\n  *  The endpoint which EndpointRequest.to()\u00a0refers to is enabled and is exposed\n  *  Your application does not handle requests to /null\u00a0or this path does not need protection",
  "id": "GHSA-rc42-6c7j-7h5r",
  "modified": "2025-05-17T00:30:25Z",
  "published": "2025-04-28T09:31:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22235"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/spring-projects/spring-boot"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250516-0010"
    },
    {
      "type": "WEB",
      "url": "https://spring.io/security/cve-2025-22235"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed"
}

fkie_cve-2025-22235

Vulnerability from fkie_nvd

Published

2025-04-28 08:15

Modified

2025-05-16 23:15

Severity ?

7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

References

▶	URL	Tags
	security@vmware.com	https://spring.io/security/cve-2025-22235
	af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20250516-0010/

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "EndpointRequest.to()\u00a0creates a matcher for null/**\u00a0if the actuator endpoint, for which the EndpointRequest\u00a0has been created, is disabled or not exposed.\n\nYour application may be affected by this if all the following conditions are met:\n\n  *  You use Spring Security\n  *  EndpointRequest.to()\u00a0has been used in a Spring Security chain configuration\n  *  The endpoint which EndpointRequest\u00a0references is disabled or not exposed via web\n  *  Your application handles requests to /null\u00a0and this path needs protection\n\n\nYou are not affected if any of the following is true:\n\n  *  You don\u0027t use Spring Security\n  *  You don\u0027t use EndpointRequest.to()\n  *  The endpoint which EndpointRequest.to()\u00a0refers to is enabled and is exposed\n  *  Your application does not handle requests to /null\u00a0or this path does not need protection"
    },
    {
      "lang": "es",
      "value": "EndpointRequest.to() crea un comparador para null/** si el endpoint del actuador, para el que se cre\u00f3 EndpointRequest, est\u00e1 deshabilitado o no est\u00e1 expuesto. Su aplicaci\u00f3n puede verse afectada si se cumplen todas las siguientes condiciones: * Utiliza Spring Security * EndpointRequest.to() se ha utilizado en una configuraci\u00f3n de cadena de Spring Security * El punto final al que EndpointRequest hace referencia est\u00e1 deshabilitado o no est\u00e1 expuesto a trav\u00e9s de la web * Su aplicaci\u00f3n gestiona solicitudes a /null y esta ruta necesita protecci\u00f3n no se ver\u00e1 afectado si se cumple alguna de las siguientes condiciones: * No utiliza Spring Security * No utiliza EndpointRequest.to() * El endpoint al que EndpointRequest.to() hace referencia est\u00e1 habilitado y est\u00e1 expuesto * Su aplicaci\u00f3n no gestiona solicitudes a /null o esta ruta no necesita protecci\u00f3n"
    }
  ],
  "id": "CVE-2025-22235",
  "lastModified": "2025-05-16T23:15:19.600",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.4,
        "source": "security@vmware.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-04-28T08:15:15.273",
  "references": [
    {
      "source": "security@vmware.com",
      "url": "https://spring.io/security/cve-2025-22235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20250516-0010/"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "security@vmware.com",
      "type": "Secondary"
    }
  ]
}

wid-sec-w-2025-0887

Vulnerability from csaf_certbund

Published

2025-04-24 22:00

Modified

2025-04-24 22:00

Summary

VMware Tanzu Spring Boot: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Spring Boot ist ein Framework zur Entwicklung von Java Anwendungen. Spring Boot basiert auf dem Spring Framework.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in VMware Tanzu Spring Boot ausnutzen, um Sicherheitsvorkehrungen zu umgehen oder nicht näher beschriebene Auswirkungen zu erzielen.

Betroffene Betriebssysteme

- Linux - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Spring Boot ist ein Framework zur Entwicklung von Java Anwendungen. Spring Boot basiert auf dem Spring Framework.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in VMware Tanzu Spring Boot ausnutzen, um Sicherheitsvorkehrungen zu umgehen oder nicht n\u00e4her beschriebene Auswirkungen zu erzielen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0887 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0887.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0887 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0887"
      },
      {
        "category": "external",
        "summary": "Spring Boot Release Notes vom 2025-04-24",
        "url": "https://spring.io/blog/2025/04/24/spring-boot-CVE-2025-22235"
      },
      {
        "category": "external",
        "summary": "Spring Security Advisory CVE-2025-22235 vom 2025-04-24",
        "url": "https://spring.io/security/cve-2025-22235"
      }
    ],
    "source_lang": "en-US",
    "title": "VMware Tanzu Spring Boot: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
    "tracking": {
      "current_release_date": "2025-04-24T22:00:00.000+00:00",
      "generator": {
        "date": "2025-04-25T09:19:19.411+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0887",
      "initial_release_date": "2025-04-24T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-04-24T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.7.25",
                "product": {
                  "name": "VMware Tanzu Spring Boot \u003c2.7.25",
                  "product_id": "T043156"
                }
              },
              {
                "category": "product_version",
                "name": "2.7.25",
                "product": {
                  "name": "VMware Tanzu Spring Boot 2.7.25",
                  "product_id": "T043156-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:vmware_tanzu:spring_boot:2.7.25"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.1.16",
                "product": {
                  "name": "VMware Tanzu Spring Boot \u003c3.1.16",
                  "product_id": "T043157"
                }
              },
              {
                "category": "product_version",
                "name": "3.1.16",
                "product": {
                  "name": "VMware Tanzu Spring Boot 3.1.16",
                  "product_id": "T043157-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:vmware_tanzu:spring_boot:3.1.16"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.2.14",
                "product": {
                  "name": "VMware Tanzu Spring Boot \u003c3.2.14",
                  "product_id": "T043158"
                }
              },
              {
                "category": "product_version",
                "name": "3.2.14",
                "product": {
                  "name": "VMware Tanzu Spring Boot 3.2.14",
                  "product_id": "T043158-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:vmware_tanzu:spring_boot:3.2.14"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.3.11",
                "product": {
                  "name": "VMware Tanzu Spring Boot \u003c3.3.11",
                  "product_id": "T043159"
                }
              },
              {
                "category": "product_version",
                "name": "3.3.11",
                "product": {
                  "name": "VMware Tanzu Spring Boot 3.3.11",
                  "product_id": "T043159-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:vmware_tanzu:spring_boot:3.3.11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.4.5",
                "product": {
                  "name": "VMware Tanzu Spring Boot \u003c3.4.5",
                  "product_id": "T043160"
                }
              },
              {
                "category": "product_version",
                "name": "3.4.5",
                "product": {
                  "name": "VMware Tanzu Spring Boot 3.4.5",
                  "product_id": "T043160-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:vmware_tanzu:spring_boot:3.4.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Spring Boot"
          }
        ],
        "category": "vendor",
        "name": "VMware Tanzu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-22235",
      "product_status": {
        "known_affected": [
          "T043157",
          "T043158",
          "T043159",
          "T043160",
          "T043156"
        ]
      },
      "release_date": "2025-04-24T22:00:00.000+00:00",
      "title": "CVE-2025-22235"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-22235 (GCVE-0-2025-22235)

Vulnerability from cvelistv5

ghsa-rc42-6c7j-7h5r

Vulnerability from github

fkie_cve-2025-22235

Vulnerability from fkie_nvd

wid-sec-w-2025-0887

Vulnerability from csaf_certbund

Tags

Sightings

Nomenclature