13 matches found
CVE-2025-22235 vulnerabilities
Vulnerabilities for packages: apache-nifi...
Security Bulletin: IBM Operational Decision Manager for Oct 2025 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-22233...
Improper Authorization Third-Party Dependency in Bitbucket Data Center and Server - CVE-2025-22235
This High severity vulnerability known as CVE-2025-22235 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15, 8.19.16, 8.19.17, 8.19.18, 8.19.19, 8.19.20, 8.19.21, 8.19.23, 8.19.24 of Bitbucket Data...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Input Validation in Spring [CVE-2025-22235]
Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Input Validation in Spring , caused by Spring Boot EndpointRequest.to creating the wrong matcher if the actuator endpoint is not exposed CVE-2025-22235 . Spring is used as part of our Java Microservices. This vulnerabilitiy...
CVE-2025-22235 vulnerabilities
Vulnerabilities for packages: camunda-zeebe, keycloak-config-cli...
ai.stapi:arango-axon (>=0.0.1 <=0.0.2), ai.stapi:arango-graph (>=0.0.1 <=0.0.2) +3041 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=3.1.0 <=3.1.12)
org.springframework.boot:spring-boot MAVEN version =3.1.0, =0.0.1, =0.0.1, =0.0.10, =0.0.10, =0.0.10, =0.0.6, =0.0.6, =0.0.28, =0.0.6, =0.0.7, =0.0.8, =0.0.11, =0.0.6, =0.3.2 - ai.timefold.solver:timefold-solver-spring-boot-autoconfigure =1.0.0 -...
ai.djl.spring:djl-spring-boot-starter-autoconfigure (=0.26), ai.djl.spring:djl-spring-boot-starter-mxnet-auto (=0.26) +4413 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=3.2.0 <=3.2.12)
org.springframework.boot:spring-boot MAVEN version =3.2.0, =1.5.0, =1.5.0, =0.0.1, =7.0.0, =0.25.7-rc.1, =0.8.0.BETA, =1.0.2, =1.0.6 and more Source cves: CVE-2025-22235 Source advisory: OSV:GHSA-RC42-6C7J-7H5R...
ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.114.0 <=0.120.0), ai.ancf.lmos:arc-memory-mongo-spring-boot-starter (>=0.114.0 <=0.120.0) +7782 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=3.4.0 <=3.4.4)
org.springframework.boot:spring-boot MAVEN version =3.4.0, =0.114.0, =0.114.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =1.0.28 and more Source cves: CVE-2025-22235 Source advisory: OSV:GHSA-RC42-6C7J-7H5R...
CVE-2025-22235
CVE-2025-22235 : EndpointRequest.to() creates a matcher for /null when the actuator endpoint is disabled or not exposed. IBM advisories confirm this CVE as addressed by IBM Library Support for Spring: upgrade to fixed versions in the remediation table (e.g., IBM Library Support for Spring 6.2.x →...
VMware Spring Boot < 2.7.25, 3.0.x < 3.1.16, 3.2.x < 3.2.14, 3.3.x < 3.3.11, 3.4.x < 3.4.5 Matcher Vulnerability - Windows
VMware Spring Boot is prone to a matcher vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vmware:springboot";...
CVE-2025-22235
creationtimestamp| type| source ---|---|--- 2025-04-25 07:36:27+00:00| seen| https://bsky.app/profile/snicoll.be/post/3lnmplyg7ms23 2025-04-26 02:12:41+00:00| seen| https://bsky.app/profile/pmloik.bsky.social/post/3lnony6qhj42b 2025-04-28 08:10:50+00:00| seen|...
ai.langsa:ccaas-starter (>=0.5 <=cloud-0.3), au.csiro.pathling:fhir-server (>=6.4.0 <=7.1.0) +4676 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=2.7.0 <=3.3.10)
org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =2.7.0, =0.5, =6.4.0, =1.1.0, =2.3.0, =1.1.0, =1.1.0, =2.10.0, =1.1.0, =1.1.0, =2.3.0, =1.1.0, =1.1.0, =1.1.0, =2.3.0, =3...
ai.ancf.lmos:arc-runner (=0.114.0), ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0) +1613 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=3.4.0 <=3.4.4)
org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =3.4.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =0.0.1, =0.1.0, =1.10.0, =1.14.0 and more Source cves: CVE-2025-22235 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKBOOT-9804539...