Spring Framework 5.3.x < 5.3.45 / 6.1.x < 6.1.23 / 6.2.x < 6.2.11 Annotation Detection Vulnerability (CVE-2025-41249)

🗓️ 18 Sep 2025 00:00:00Reported by TenableType

Spring Framework annotation detection vulnerability affects authorization on generic super types when using EnableMethodSecurity.

Reporter	Title	Published	Views	Family All 109
IBM Security Bulletins	Security Bulletin: IBM Operational Decision Manager for December 2025 - Multiple CVEs addressed	29 Jan 202607:37	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in spring-security-core-6.4.3.jar (CVE-2025-41248)	7 Oct 202507:19	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Authorization in Spring Framework [CVE-2025-41249]	17 Dec 202514:14	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.1.0	5 Dec 202509:12	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)	9 Dec 202515:01	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Instana Observability has addressed Multiple Vulnerabilities within Instana Agent container image	3 Mar 202613:53	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities	31 Oct 202519:08	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM DevOps Build.	3 Mar 202607:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM OpenPages fixes multiple Spring vulnerabilities	18 Nov 202518:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Spring (CVE-2025-41249)	31 Oct 202520:04	–	ibm

Source	Link
spring	www.spring.io/security/cve-2025-41249
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(265379);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/21");

  script_cve_id("CVE-2025-41249");
  script_xref(name:"IAVA", value:"2025-A-0680-S");

  script_name(english:"Spring Framework 5.3.x < 5.3.45 / 6.1.x < 6.1.23 / 6.2.x < 6.2.11 Annotation Detection Vulnerability (CVE-2025-41249)");

  script_set_attribute(attribute:"synopsis", value:
"The Spring Framework install on the remote host is affectec by an annotation detection vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Spring Framework installed on the remote host is 5.3.x prior to 5.3.45, 6.1.x prior to 6.1.23, or 6.2.x
prior to 6.2.11. It is, therefore, affected by an annotation detection vulnerability:

  - The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type
    hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are
    used for authorization decisions. Your application may be affected by this if you are using Spring Security's
    @EnableMethodSecurity feature. You are not affected by this if you are not using @EnableMethodSecurity or if you do
    not use security annotations on methods in generic superclasses or generic interfaces. 

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://spring.io/security/cve-2025-41249");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Spring Framework version 5.3.45, 6.1.22, or 6.2.11 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-41249");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/09/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/09/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/09/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:pivotal_software:spring_framework");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:spring_framework");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("spring_jar_detection.nbin");
  script_require_keys("installed_sw/Spring Framework");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'checks': [
    {
      'product': {'name': 'Spring Framework', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {'fixed_version':'5.3.45'},
        {'min_version':'6.0.0', 'fixed_version':'6.1.23'},
        {'min_version':'6.2.0', 'fixed_version':'6.2.11'}
      ]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:result);

21 Jan 2026 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 3.17.5

EPSS0.00112

SSVC