K000160223: Spring cloud gateway vulnerability CVE-2025-41243

Security Advisory Description Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server...

ch.nexsol-tech.gateway:sample-gateway (>=1.2.0 <=1.3.1), ch.nexsol-tech.gateway:spring-cloud-gateway-database (>=1.2.0 <=1.3.1) +12 more potentially affected by CVE-2025-41243 via org.springframework.cloud:spring-cloud-gateway-server-webflux (=4.3.0)

org.springframework.cloud:spring-cloud-gateway-server-webflux MAVEN version =4.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.cloud:spring-cloud-gateway-server-webflux and may be impacted: - ch.nexsol-tech.gateway:sample-gatewa...

CVE-2025-41243

Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...

CVE-2025-41243 Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux

Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...

ch.nexsol-tech.gateway:sample-gateway (>=1.2.0 <=1.3.1), ch.nexsol-tech.gateway:spring-cloud-gateway-database (>=1.2.0 <=1.3.1) +36 more potentially affected by CVE-2025-41243 via org.springframework.cloud:spring-cloud-gateway-server (=4.3.0)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.cloud:spring-cloud-gateway-server and may be impacted: - ch.nexsol-tech.gateway:sample-gateway =1.2.0, =1.2.0...

PT-2025-36574

Name of the Vulnerable Software and Affected Versions Spring Cloud Gateway Server Webflux affected versions not specified Description Spring Cloud Gateway Server Webflux may allow an attacker to modify Spring Environment properties. This is possible when the Spring Boot actuator is a dependency,...