CVE-2025-41249

CVE-2025-41249 : The Spring Framework annotation detection mechanism may fail to resolve annotations on methods in type hierarchies with a parameterized super type with unbounded generics, potentially affecting applications that use Spring Security’s @EnableMethodSecurity. If you rely on method s...

CVE-2025-41248 CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types

The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization...

CVE-2025-41248 CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types

The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization...

CVE-2025-41248

The connected IBM security bulletins confirm CVE-2025-41248 is a Spring Framework annotation resolution issue affecting methods in type hierarchies with parameterized unbounded generics, potentially bypassing authorization when using EnableMethodSecurity (e.g., @PreAuthorize). Remediation via IBM...

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-security-core-6.4.5.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-security-core-6.4.5.jar Vulnerability Details CVEID:CVE-2025-41232 DESCRIPTION: Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass...

Security Bulletin: Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations. This may cause an authorization bypass, which affects IBM watsonx.data

Summary Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized...

Security Bulletin: Maximo AI Service Component: Spring Security Aspects may not correctly locate method security annotations on private methods.

Summary Security Bulletin: Maximo AI Service Component Component uses Spring Security Aspects may not correctly locate method security annotations on private methods.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-22233...

Authentication Bypass

org.springframework.security, spring-security-aspects is vulnerable to an Authorization Bypass. The vulnerability is due to Spring Security Aspects not detecting method security annotations on private methods when @EnableMethodSecuritymode=ASPECTJ is used, allowing an attacker to invoke those...

The vulnerability of the configuration @EnableMethodSecurity(mode=ASPECTJ) or spring-security-aspects in the Java framework for securing Spring-based industrial applications allows attackers to bypass the authentication process.

The vulnerability of the @EnableMethodSecurity'mode=ASPECTJ configuration or the spring-security-aspects Java framework for securing Spring-based industrial applications is related to a flaw in the data protection mechanism. Exploiting this vulnerability could allow an attacker to bypass...

GHSA-9PP5-9C7G-4R83 Spring Security authorization bypass for method security annotations on private methods

Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecuritymode=ASPECTJ and spring-security-aspects, and You have...

Spring Security authorization bypass for method security annotations on private methods

Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecuritymode=ASPECTJ and spring-security-aspects, and You have...

CVE-2025-41232

Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecuritymode=ASPECTJ and spring-security-aspects, and You have...

CVE-2025-41232

Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecuritymode=ASPECTJ and spring-security-aspects, and You have...

CVE-2025-41232

CVE-2025-41232 affects multiple IBM and Spring-based products where Spring Security Aspects may fail to locate method security annotations on private methods, enabling potential authorization bypass when using @EnableMethodSecurity(mode=ASPECTJ) with spring-security-aspects and private annotated ...

CVE-2025-41232 CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods

Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecuritymode=ASPECTJ and spring-security-aspects, and You have...

CVE-2025-41232 CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods

Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecuritymode=ASPECTJ and spring-security-aspects, and You have...

Missing Authentication for Critical Function

Overview org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to improperly locating method security annotations on private...

PT-2025-22336 · Spring · Spring Security Aspects

Name of the Vulnerable Software and Affected Versions: Spring Security Aspects affected versions not specified Description: The issue concerns Spring Security Aspects not correctly locating method security annotations on private methods, potentially causing an authorization bypass. This can affec...

CVE-2024-56523

Radware Cloud Web Application Firewall WAF before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method...

CVE-2025-28410

CVE-2025-28410 concerns RUoYi v4.8.0. Multiple sources (NVD, Red Hat, OSV, CIRCL, ENISA EUVD) describe a privilege-escalation flaw in the remote procedure cancelAuthUserAll, where the request is not properly validated for administrative privileges. This enables an attacker to escalate from a non-...