
6525 matches found

IBM Security Bulletins
added 2025/09/29 11:50 p.m., 4 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in the Spring framework (CVE-2025-41234)

Summary A vulnerability in the Spring framework that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-41234 DESCRIPTION: Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflect...

CVSS 6.5 | AI score 6.6 | EPSS 0.00294
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2025/09/29 9:18 p.m., 8 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in the Spring framework (CVE-2025-22233)

Summary A vulnerability in the Spring framework that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for reques...

CVSS 5.3 | AI score 6.4 | EPSS 0.01514
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2025/09/29 8:30 p.m., 41 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in VMware Tanzu Spring Framework

Summary Multiple vulnerabilities in VMware Tanzu Spring Framework that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerabl...

CVSS 7.5 | AI score 7 | EPSS 0.9389
Exploits 7 | Affected Software 1
vulnersOsv
added 2025/09/29 5:53 p.m., 2 views

cc.ddrpa.dorian.polystash:polystash-spring-boot-starter (=1.0.0), cc.ddrpa.dorian:forvariz-spring-boot-starter (>=1.0.0 <=1.1.0) +806 more potentially affected by CVE-2025-59952 via io.minio:minio (>=7.0.1 <=8.5.9)

io.minio:minio MAVEN version =7.0.1, =1.0.0, =1.0, =1.0.1, =1.3.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =0.2.2, =11.0.1-RELEASE, =11.0.1-RELEASE, =12.0.1-RELEASE - cn.bootx.platform:bootx-demo =1.2.3 and more Source cves: CVE-2025-59952 Source advisory: SNYK:JAVA-IOMINIO-13147656...

CVSS 8.7 | AI score 6 | EPSS 0.00025
Exploits 0
vulnersOsv
added 2025/09/29 5:53 p.m., 4 views

cc.ddrpa.dorian.polystash:polystash-spring-boot-starter (=1.0.0), cc.ddrpa.dorian:forvariz-spring-boot-starter (>=1.0.0 <=1.1.0) +976 more potentially affected by CVE-2025-59952 via io.minio:minio (>=0.2.3 <=8.5.9)

io.minio:minio MAVEN version =0.2.3, =1.0.0, =1.0, =1.0.1, =1.3.1, =1.0.1, =1.3.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =0.2.2, =11.0.1-RELEASE, =12.0.1-RELEASE and more Source cves: CVE-2025-59952 Source advisory: OSV:GHSA-H7RH-XFPJ-HPCM...

CVSS 8.7 | AI score 6 | EPSS 0.00025
Exploits 0
GithubExploit
added 2025/09/29 1:53 p.m., 193 views

Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4Shell CVE-2021-44228 PoC Objective Reproduce, explo...

CVSS 10 | AI score 8.8 | EPSS 0.94358
Exploits 347
CNNVD
added 2025/09/27 12:0 a.m., 4 views

CicadasCMS code injection vulnerability

CicadasCMS is a content management framework based on SpringBoot Mybatis SpringSecurity Vue developed by westboy individual developers in China. A code injection vulnerability exists in CicadasCMS version 1.0, which originates from the incorrect operation of the parameter categoryName in the file...

CVSS 4.8 | AI score 4.3 | EPSS 0.00036
Exploits 1 | References 5
Spring Engineering
added 2025/09/25 12:0 a.m., 2 views

A Bootiful Podcast: Spring Batch lead Mahmoud Ben Hassine

Hi, Spring fans! In this installment we talk to the legendary lead of the Spring Batch project, Mahmoud Ben Hassine, about the latest-and-greatest in Spring Batch in the Spring Boot 4 generation...

AI score 6.9
Exploits 0
Spring Engineering
added 2025/09/23 12:0 a.m., 4 views

This Week in Spring - September 23rd, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm preparing my talks for several amazing shows including: Commit Your Code conference in Plano, Texas starting tomorrow; Dev2Next in Colorado; Devoxx Belgium in Antwerp, Belgium; and CloudFoundry Days in Germany. So much go...

AI score 6.8
Exploits 0
Spring Engineering
added 2025/09/23 12:0 a.m., 3 views

HTTP Service Client Enhancements

In this 3rd blog post of the Road to GA series that’s highlighting major features within the Spring portfolio for the next major versions to be released in November we’ll have a look at new features for HTTP service clients, which are a collaborative effort across several Spring projects...

AI score 7.2
Exploits 0
Tenable Nessus
added 2025/09/20 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2025-41249

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type wit...

CVSS 7.5 | AI score 6.8 | EPSS 0.00112
Exploits 0 | References 3
RedhatCVE
added 2025/09/18 3:27 p.m., 2 views

CVE-2025-41243

Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...

CVSS 10 | AI score 6.8 | EPSS 0.06417
Exploits 0 | References 1
Spring Engineering
added 2025/09/18 12:0 a.m., 3 views

A Bootiful Podcast: Spring Cloud lead Spencer Gibb, live from SpringOne 2025

Hi, Spring fans! In this installment, we talk to the legendary lead of Spring Cloud and friend to the community, Spencer Gibb! This was recorded live from Las Vegas, NV, at the fantastic SpringOne 2025 event!...

AI score 6.9
Exploits 0
Tenable Nessus
added 2025/09/18 12:0 a.m., 5 views

Spring Framework 5.3.x < 5.3.45 / 6.1.x < 6.1.23 / 6.2.x < 6.2.11 Annotation Detection Vulnerability (CVE-2025-41249)

The version of Spring Framework installed on the remote host is 5.3.x prior to 5.3.45, 6.1.x prior to 6.1.23, or 6.2.x prior to 6.2.11. It is, therefore, affected by an annotation detection vulnerability: - The Spring Framework annotation detection mechanism may not correctly resolve annotations ...

CVSS 7.5 | AI score 7.8 | EPSS 0.00112
Exploits 0 | References 2
RedhatCVE
added 2025/09/17 3:50 p.m., 2 views

CVE-2025-41249

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

CVSS 7.5 | AI score 5.9 | EPSS 0.00112
Exploits 0 | References 5
Chainguard
added 2025/09/17 2:0 p.m., 9 views

CVE-2025-41249 vulnerabilities

Vulnerabilities for packages: zipkin, nacos-docker, apache-hop-fips, apache-nifi, keycloak-config-cli, apache-hop, apache-activemq, apache-nifi-registry, thingsboard, jenkins, apache-activemq-fips, camunda-zeebe, nacos...

CVSS 7.5 | AI score 6.9 | EPSS 0.00112
Exploits 0
Chainguard
added 2025/09/17 2:0 p.m., 9 views

GHSA-JMP9-X22R-554X vulnerabilities

Vulnerabilities for packages: zipkin, nacos-docker, apache-hop-fips, apache-nifi, keycloak-config-cli, apache-hop, apache-activemq, apache-nifi-registry, thingsboard, jenkins, apache-activemq-fips, camunda-zeebe, nacos...

AI score 5.4
Exploits 0
Github Security Blog
added 2025/09/16 3:32 p.m., 4 views

Spring Expression language property modification using Spring Cloud Gateway Server WebFlux

Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...

CVSS 10 | AI score 6.9 | EPSS 0.06417
Exploits 0 | References 3 | Affected Software 1
OSV
added 2025/09/16 3:32 p.m., 2 views

GHSA-Q2CJ-H8FW-Q4CC Spring Expression language property modification using Spring Cloud Gateway Server WebFlux

Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server WebMVC is not vulnerable...

CVSS 10 | AI score 5.8 | EPSS 0.06417
Exploits 0 | References 2
vulnersOsv
added 2025/09/16 3:32 p.m., 6 views

ch.nexsol-tech.gateway:sample-gateway (>=1.2.0 <=1.3.1), ch.nexsol-tech.gateway:spring-cloud-gateway-database (>=1.2.0 <=1.3.1) +12 more potentially affected by CVE-2025-41243 via org.springframework.cloud:spring-cloud-gateway-server-webflux (=4.3.0)

org.springframework.cloud:spring-cloud-gateway-server-webflux MAVEN version =4.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.cloud:spring-cloud-gateway-server-webflux and may be impacted: - ch.nexsol-tech.gateway:sample-gatewa...

CVSS 10 | AI score 5.8 | EPSS 0.06417
Exploits 0