Spring_framework 5.3.x < 5.3.43 / 6.0.x < 6.0.28 / 6.1.x < 6.1.20 / 6.2.x < 6.2.7 (CVE-2025-22233)

Published: 22 May 2025 00:00:00. Reported by Tenable. Type: nessus. Source: www.tenable.com. 26 views.

Spring Framework versions prior to the listed fixed releases are vulnerable; CVE-2025-22233 requires action.

Related

- IBM Security Bulletins: Security Bulletin: Multiple vulnerabilities in Spring may affect IBM Business Automation Workflow - CVE-2024-38820, CVE-2025-22233 (8 Oct 2025 15:13)
- IBM Security Bulletins: Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities (7 Mar 2025 15:14)
- IBM Security Bulletins: Security Bulletin: IBM Content Navigator consumes vulnerable spring framework library (23 Oct 2025 11:13)
- IBM Security Bulletins: Security Bulletin: IBM Maximo Application Suite - IoT uses spring-context-5.3.39.jar which is vulnerable to CVE-2024-38820. (7 Apr 2025 19:13)
- IBM Security Bulletins: Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to CVEs. (7 Oct 2025 07:40)
- IBM Security Bulletins: Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.0.2 (21 Jun 2025 13:39)
- IBM Security Bulletins: Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security weakness in Spring Framework [CVE-2024-38820] (27 Feb 2025 16:58)
- IBM Security Bulletins: Security Bulletin: Multiple vulnerabilites in IBM Rational Build Forge. (2 Mar 2026 08:30)
- IBM Security Bulletins: Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities (29 Apr 2025 19:38)
- IBM Security Bulletins: Security Bulletin: IBM Sterling Connect:Direct Web Services vulnerable to spring-context-6.2.3.jar (CVE-2025-22233) (24 Jun 2025 16:52)

Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(237119);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/21");

  script_cve_id("CVE-2025-22233");
  script_xref(name:"IAVA", value:"2025-A-0364-S");

  script_name(english:"Spring_framework 5.3.x < 5.3.43 / 6.0.x < 6.0.28 / 6.1.x < 6.1.20 / 6.2.x < 6.2.7 (CVE-2025-22233)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of Spring_framework installed on the remote host is prior to 5.3.43, 6.0.28, 6.1.20, or 6.2.7. It is,
therefore, affected by a vulnerability as referenced in the CVE-2025-22233 advisory.

  - CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields
    patterns and for request parameter names. However, there are still cases where it is possible to bypass
    the disallowedFields checks. Affected Spring Products and Versions Spring Framework: * 6.2.0 - 6.2.6 *
    6.1.0 - 6.1.19 * 6.0.0 - 6.0.27 * 5.3.0 - 5.3.42 * Older, unsupported versions are also affected
    Mitigation Users of affected versions should upgrade to the corresponding fixed version. Affected
    version(s)Fix Version Availability 6.2.x 6.2.7 OSS6.1.x 6.1.20 OSS6.0.x 6.0.28 Commercial
    https://enterprise.spring.io/ 5.3.x 5.3.43 Commercial https://enterprise.spring.io/ No further mitigation
    steps are necessary. Generally, we recommend using a dedicated model object with properties only for data
    binding, or using constructor binding since constructor arguments explicitly declare what to bind together
    with turning off setter binding through the declarativeBinding flag. See the Model Design section in the
    reference documentation. For setting binding, prefer the use of allowedFields (an explicit list) over
    disallowedFields. Credit This issue was responsibly reported by the TERASOLUNA Framework Development Team
    from NTT DATA Group Corporation. (CVE-2025-22233)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://spring.io/security/cve-2025-22233");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Spring_framework version 5.3.43 / 6.0.28 / 6.1.20 / 6.2.7 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-22233");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/05/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/05/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/05/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:pivotal_software:spring_framework");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:spring_framework");
  script_set_attribute(attribute:"stig_severity", value:"III");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("spring_jar_detection.nbin");
  script_require_keys("installed_sw/Spring Framework");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'Spring Framework');

var constraints = [
  { 'fixed_version' : '5.3.43' },
  { 'min_version' : '6.0', 'fixed_version' : '6.0.28' },
  { 'min_version' : '6.1', 'fixed_version' : '6.1.20' },
  { 'min_version' : '6.2', 'fixed_version' : '6.2.7' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_NOTE
);
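The advisory text quoted in the plugin description recommends a dedicated model object and an explicit allowedFields list in preference to disallowedFields. The following is an added illustration of that guidance, not code from the Nessus plugin, from Tenable or from the Spring project; the controller, form class, field names and the "role" property are hypothetical. It places the deny-list configuration (commented out) beside the allow-list one.

```java
// Added example, not from the Nessus plugin or the Spring project.
// Controller, form class and field names are hypothetical.
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.InitBinder;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PostMapping;

@Controller
public class ProfileController {

    // Dedicated model object: it exposes only the properties that are meant
    // to be populated from the request, so no privileged field (such as a
    // role) is reachable through data binding in the first place.
    public static class ProfileForm {
        private String displayName;
        private String email;

        public String getDisplayName() { return displayName; }
        public void setDisplayName(String displayName) { this.displayName = displayName; }
        public String getEmail() { return email; }
        public void setEmail(String email) { this.email = email; }
    }

    // Weak setting: a deny-list. It only protects as long as the name
    // matching cannot be sidestepped, which is the class of problem
    // CVE-2025-22233 (and CVE-2024-38820 before it) is about.
    //
    // @InitBinder("profileForm")
    // public void initBinderDenyList(WebDataBinder binder) {
    //     binder.setDisallowedFields("role");
    // }

    // Corrected setting: an explicit allow-list. A parameter whose name does
    // not match the list is simply not bound, so an unlisted name fails
    // closed instead of open.
    @InitBinder("profileForm")
    public void initBinder(WebDataBinder binder) {
        binder.setAllowedFields("displayName", "email");
    }

    @PostMapping("/profile")
    public String update(@ModelAttribute("profileForm") ProfileForm form) {
        // persist form.getDisplayName() / form.getEmail() here
        return "redirect:/profile";
    }
}
```

Upgrading to the fixed versions listed in the plugin remains the primary remediation; the allow-list and dedicated form object reduce the impact of any future bypass of the deny-list matching.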


Last updated: 21 Jan 2026 00:00 (current)
Vulners AI Score: 6.4 (medium risk)
CVSS 3.1: 3.1 - 5.3
EPSS: 0.01473