ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.114.0 <=0.120.0), ai.ancf.lmos:arc-memory-mongo-spring-boot-starter (>=0.114.0 <=0.120.0) +7659 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=3.4.0 <=3.4.4)

org.springframework.boot:spring-boot MAVEN version =3.4.0, =0.114.0, =0.114.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.17.0, =1.17.0, =1.17.0, =1.21.0 and more Source cves: CVE-2025-22235 Source advisory: OSV:GHSA-RC42-6C7J-7H5R...

Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed

EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security EndpointRequest.to has been used in a Spri...

ai.driftkit:driftkit-audio-core (>=0.5.0 <=0.8.3), ai.driftkit:driftkit-audio-spring-boot-starter (>=0.5.0 <=0.8.7) +4054 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=3.3.0 <=3.3.10)

org.springframework.boot:spring-boot MAVEN version =3.3.0, =0.5.0, =0.5.0, =0.5.0, =0.5.8, =0.5.0, =0.5.7, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.5.0, =0.5.0, =0.7.9, =0.6.0, =0.6.0, =0.8.7 and more Source cves: CVE-2025-22235 Source advisory: OSV:GHSA-RC42-6C7J-7H5R...

CVE-2025-22235 Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed

EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security EndpointRequest.to has been used in a Spri...

CVE-2025-22235 Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed

EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security EndpointRequest.to has been used in a Spri...

CVE-2025-22235

CVE-2025-22235 : EndpointRequest.to() creates a matcher for /null when the actuator endpoint is disabled or not exposed. IBM advisories confirm this CVE as addressed by IBM Library Support for Spring: upgrade to fixed versions in the remediation table (e.g., IBM Library Support for Spring 6.2.x →...

PT-2025-18049

Name of the Vulnerable Software and Affected Versions Spring Boot version 2.7.x Description The issue arises when EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. An application may be affected if ...

VMware Spring Boot < 2.7.25, 3.0.x < 3.1.16, 3.2.x < 3.2.14, 3.3.x < 3.3.11, 3.4.x < 3.4.5 Matcher Vulnerability - Linux

VMware Spring Boot is prone to a matcher vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vmware:springboot";...

VMware Spring Boot 安全漏洞

VMware Spring Boot is a set of open source frameworks from VMware, Inc. A security vulnerability exists in VMware Spring Boot that stems from EndpointRequest.to creating a null/ matcher when the endpoint is disabled or unexposed, which could lead to a security constraint bypass...

VMware Spring Boot < 2.7.25, 3.0.x < 3.1.16, 3.2.x < 3.2.14, 3.3.x < 3.3.11, 3.4.x < 3.4.5 Matcher Vulnerability - Windows

VMware Spring Boot is prone to a matcher vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vmware:springboot";...

spring-boot-admin 注入漏洞

spring-boot-admin is a codecentric open source based on Spring boot Mybatis open source backend management system , with user management , menu management and role management 3 functions , permission control to the button level . spring-boot-admin version 1.0 there are injection vulnerabilities ,...

ai.langsa:ccaas-starter (>=0.5 <=cloud-0.3), au.csiro.pathling:fhir-server (>=6.4.0 <=7.1.0) +4643 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=2.7.0 <=3.3.10)

org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =2.7.0, =0.5, =6.4.0, =1.1.0, =2.3.0, =1.1.0, =1.1.0, =2.10.0, =1.1.0, =1.1.0, =2.3.0, =1.1.0, =1.1.0, =1.1.0, =2.3.0, =3...

ai.ancf.lmos:arc-runner (=0.114.0), ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0) +1606 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=3.4.0 <=3.4.4)

org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =3.4.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =0.1.0, =1.10.0, =1.10.0, =1.10.0, =1.55.1, =2.3.0 and more Source cves: CVE-2025-22235 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKBOOT-98045...

This Week in Spring - April 22nd, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring , which I'm writing from magnificent Minneapolis, Minnesota, where I'm recording an amazing Frontend Masters course introducing Spring Boot. I love this article introducing Spring AI in JavaPro magazine Want to run an LLM...

My-BBS 安全漏洞

My-BBS is a SpringBoot + Mybatis + Thymeleaf technology implemented BBS forum system by ZHENFENG13 individual developer. A security vulnerability exists in My-BBS version 1.0, which stems from a cross-site request forgery issue...

📄 Spring Boot common-user-management 0.1 Shell Upload

Spring Boot common-user-management version 0.1 suffers from a remote shell upload vulnerability. Exploit Title: Unrestricted File Upload Google Dork: Date: 14/Nov/2024 Exploit Author: d3sca Vendor Homepage: https://github.com/OsamaTaher/Java-springboot-codebase Software Link:...

Spring Boot common-user-management 0.1 - Remote Code Execution (RCE)

Exploit Title: Unrestricted File Upload Google Dork: Date: 14/Nov/2024 Exploit Author: d3sca Vendor Homepage: https://github.com/OsamaTaher/Java-springboot-codebase Software Link: https://github.com/OsamaTaher/Java-springboot-codebase Version: app version 0.1 Tested on: Debian Linux CVE :...

Exploit for CVE-2024-38819

This is a proof-of-concept PoC exploit for CVE-2024-38819, a high-risk path traversal vulnerability in the Spring Framework. The vulnerability allows an attacker to access sensitive files on the server by constructing a malicious HTTP request with a specially crafted path. The PoC code is a simpl...

nimrod SQL注入漏洞

nimrod is a Spring Boot-based enterprise-grade monolithic application rapid development framework for the Java Web platform by the individual developer godcheese. A SQL injection vulnerability exists in nimrod version 0.8, which stems from the fact that incorrect manipulation of the parameter Nam...

nimrod 代码问题漏洞

nimrod is a Spring Boot-based enterprise-grade monolithic application rapid development framework for the Java Web platform by the individual developer godcheese. A code issue vulnerability exists in nimrod version 0.8, which stems from an incorrect operation of the parameter File that can lead t...