CVE-2025-41235
CVE-2025-41235 concerns Spring Cloud Gateway Server and is linked to an HTTP header handling flaw: it forwards X-Forwarded-For and Forwarded headers from untrusted proxies, enabling potential HTTP request/response smuggling (CWE-444). The vulnerability is associated with the gateway’s header proc...
CVE-2025-41235 CVE-2025-41235: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies...
CVE-2025-48927
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025...
PT-2025-23253 · Spring · Spring Cloud Gateway Server
Name of the Vulnerable Software and Affected Versions: Spring Cloud Gateway Server affected versions not specified Description: The issue concerns the forwarding of X-Forwarded-For and Forwarded headers from untrusted proxies by the Spring Cloud Gateway Server. This behavior can potentially lead ...
Broadcom Spring Cloud Gateway Server Environment Issue Vulnerability
Broadcom Spring Cloud Gateway Server is a managed service and API gateway for the VMware Tanzu Platform for Cloud Foundry from Broadcom, Inc. A security vulnerability exists in Broadcom Spring Cloud Gateway Server that originates from forwarding X-Forwarded-For and Forwarded headers from untruste...
TeleMessage Security Vulnerability
TeleMessage is a secure and compliant messaging solution for organizations from TeleMessage Israel. A security vulnerability exists in TeleMessage version 2025-05-05 and earlier, which stems from exposing a heap dump endpoint when configuring Spring Boot Actuator...
CVE-2025-48927
CVE-2025-48927 concerns TeleMessage service configuring Spring Boot Actuator with an exposed /heapdump endpoint. Connected sources confirm the heapdump exposure stems from Actuator configuration and is implicated by multiple advisories (NVD entry, CISA KEV listing, and related GitHub/GHSA advisor...
CVE-2025-48927
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025. Recent assessments: Assessed Attacker Value: 0...
VulnCheck KEV: CVE-2025-48927
TeleMessage TM SGNL contains an initialization of a resource with an insecure default vulnerability. This vulnerability relies on how the Spring Boot Actuator is configured with an exposed heap dump endpoint at a /heapdump URI...
PT-2025-23110 · Unknown · Telemessage +1
Name of the Vulnerable Software and Affected Versions: TeleMessage versions through 2025-05-05 TeleMessage TM SGNL affected versions not specified Description: The TeleMessage service configures Spring Boot Actuator with an exposed heap dump endpoint at the /heapdump URI. This vulnerability has...
This Week in Spring (AI) - May 27th, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! This time, I'm talking to you after an insane week behind me. Last week I flew from San Francisco to Stockholm, Sweden, where I was the speaker for the JForum event, a monthly meetup. Spring drew the largest audience to JForum...
Authentication Bypass
org.springframework.security, spring-security-aspects is vulnerable to an Authorization Bypass. The vulnerability is due to Spring Security Aspects not detecting method security annotations on private methods when @EnableMethodSecurity with mode=ASPECTJ is used, allowing an attacker to invoke those...
Tmall_demo Security Feature Issue Vulnerability
Tmalldemo is a Spring Boot-based mini Tmall by the Xianqi Mall project team. A security feature issue vulnerability exists in Tmalldemo 20250505 and earlier versions, which stems from insufficient random values in the file /tmall/order/pay/...
Tmall_demo Code Injection Vulnerability
Tmalldemo is a Spring Boot-based mini Tmall by the Xianqi Mall project team. A code injection vulnerability exists in Tmalldemo 20250505 and earlier versions, which stems from a misbehavior of the component Search Box resulting in cross-site scripting...
Tmall_demo Security Vulnerability
Tmalldemo is a Spring Boot-based mini Tmall by the Xianqi Mall project team. A security vulnerability exists in Tmalldemo 20250505 and earlier versions, which stems from a cross-site request forgery due to misuse of the file tmall/admin/account/logout...
Tmall_demo Code Issue Vulnerability
Tmalldemo is a Spring Boot-based mini Tmall by the Xianqi Mall project team. A code issue vulnerability exists in Tmalldemo 20250505 and earlier versions, which stems from the incorrect handling of the parameter File in the file tmall/admin/uploadProductImage, resulting in unrestricted uploads...