
6525 matches found

ATTACKERKB
added 2025/05/21 12:16 p.m. · 3 views

CVE-2025-41232

Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecurity(mode=ASPECTJ) and spring-security-aspects, and You have...

9.1 CVSS · 5.8 AI score · 0.00351 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2025/05/21 10:23 a.m. · 40 views

CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods

Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecurity(mode=ASPECTJ) and spring-security-aspects, and You have...

9.1 CVSS · 0.00351 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2025/05/21 10:23 a.m. · 5 views

CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods

Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecurity(mode=ASPECTJ) and spring-security-aspects, and You have...

9.1 CVSS · 6.8 AI score · 0.00351 EPSS
Exploits: 0 · References: 1
CVE
added 2025/05/21 10:23 a.m. · 154 views

CVE-2025-41232

CVE-2025-41232 affects multiple IBM and Spring-based products where Spring Security Aspects may fail to locate method security annotations on private methods, enabling potential authorization bypass when using @EnableMethodSecurity(mode=ASPECTJ) with spring-security-aspects and private annotated ...

9.1 CVSS · 8.3 AI score · 0.00351 EPSS
Exploits: 0 · References: 1
CNNVD
added 2025/05/21 12:0 a.m. · 5 views

Java-springboot-codebase Information Disclosure Vulnerability

Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects from osama individual developers. A security vulnerability exists in versions prior to Java-springboot-codebase c835c6f, which stems from an insufficient path traversal mechanism that could...

8.7 CVSS · 8.9 AI score · 0.06841 EPSS
Exploits: 4 · References: 4
CNNVD
added 2025/05/21 12:0 a.m. · 1 views

VMware Spring Security Security Vulnerability

VMware Spring Security is a set of security frameworks from VMware, Inc. that provide illustrative security protection for Spring-based applications. A security vulnerability exists in VMware Spring Security versions 6.4.0 through 6.4.5 that stems from not properly locating security annotations o...

9.1 CVSS · 7.2 AI score · 0.00351 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2025/05/20 12:0 a.m. · 2 views

PT-2025-22120 · Salesforce · Omnis Studio

Name of the Vulnerable Software and Affected Versions: Salesforce OmniStudio versions prior to Spring 2025 Description: The issue is related to an Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards, which allows exposure of encrypted data. Recommendations: For...

7.5 CVSS · 9.2 AI score · 0.00317 EPSS
Exploits: 0 · References: 8
Spring Engineering
added 2025/05/20 12:0 a.m. · 8 views

Your First Spring AI 1.0 Application

Your First Spring AI 1.0 Application by Dr. Mark Pollack, Christian Tsolov, and Josh Long Hi, Spring fans! Spring AI is live on the Spring Initializr and everywhere fine bytes might be had. Ask your doctor if AI is right for you! It's an amazing time to be a Java and Spring developer. There's nev...

6.6 AI score
Exploits: 0
Spring Engineering
added 2025/05/20 12:0 a.m. · 3 views

A Bootiful Podcast: This Week in Spring (AI) - May 20th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this, I'm in sunny Stockholm, Sweden for the JForum 123 installment. This is, apparently, the first time the meetup is completely full up since before the pandemic, with more than 150 people in attendance! Tak,...

7 AI score
Exploits: 0
Snyk
added 2025/05/19 12:0 a.m. · 1 views

Missing Authentication for Critical Function

Overview org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to improperly locating method security annotations on private...

9.3 CVSS · 6.8 AI score · 0.00351 EPSS
Exploits: 0 · References: 2
CISA KEV Catalog
added 2025/05/19 12:0 a.m. · 13 views

Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability

Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework...

7.5 CVSS · 7.2 AI score · 0.91261 EPSS
In wild · Exploits: 8
OpenVAS
added 2025/05/19 12:0 a.m. · 15 views

VMware Spring Framework < 5.3.43, 6.0.x < 6.0.28, 6.1.x < 6.1.20, 6.2.x < 6.2.7 Authorization Bypass Vulnerability - Linux

The VMware Spring Framework is prone to an authorization bypass vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

3.1 CVSS · 7.7 AI score · 0.00083 EPSS
Exploits: 0 · References: 2
vulnersOsv
added 2025/05/19 12:0 a.m. · 4 views

app.valuationcontrol:library (>=0.5.8 <=0.5.9), at.aimon.ops:aimon-ops-api (>=0.0.1 <=0.0.2) +2660 more potentially affected by CVE-2025-41232 via org.springframework.security:spring-security-core (>=6.4.0 <=6.4.5)

org.springframework.security:spring-security-core MAVEN version =6.4.0, =0.5.8, =0.0.1, =55.v51410e712e0c, =1.5.4.RELEASE, =1.0.1, =1.0.2, =1.0.4, =1.0.2, =1.0.16, =1.0.2, =1.0.4, =1.10.0, =1.10.0, =1.10.0, =1.15.1 and more Source cves: CVE-2025-41232 Source advisory:...

9.1 CVSS · 7.1 AI score · 0.00351 EPSS
Exploits: 0
Positive Technologies
added 2025/05/19 12:0 a.m. · 3 views

PT-2025-22336 · Spring · Spring Security Aspects

Name of the Vulnerable Software and Affected Versions: Spring Security Aspects affected versions not specified Description: The issue concerns Spring Security Aspects not correctly locating method security annotations on private methods, potentially causing an authorization bypass. This can affec...

9.1 CVSS · 7.3 AI score · 0.00351 EPSS
Exploits: 0 · References: 14
Spring Engineering
added 2025/05/19 12:0 a.m. · 28 views

MCP Authorization in practice with Spring AI and OAuth2

Last month, we explored how to secure Spring AI MCP Servers with the OAuth2 authorization framework. In the conclusion of that article, we mentioned we'd explore using standalone Authorization Servers for MCP Security and deviate from the then-current specification. Since we published the articl...

7 AI score
Exploits: 0
OpenVAS
added 2025/05/19 12:0 a.m. · 17 views

VMware Spring Framework < 5.3.43, 6.0.x < 6.0.28, 6.1.x < 6.1.20, 6.2.x < 6.2.7 Authorization Bypass Vulnerability - Windows

The VMware Spring Framework is prone to an authorization bypass vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

3.1 CVSS · 7.7 AI score · 0.00083 EPSS
Exploits: 0 · References: 2
RedhatCVE
added 2025/05/18 8:0 p.m. · 40 views

CVE-2025-22233

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2...

5.3 CVSS · 6.9 AI score · 0.01514 EPSS
Exploits: 1 · References: 3
NVD
added 2025/05/18 9:15 a.m. · 16 views

CVE-2025-4868

A vulnerability was found in merikbest ecommerce-spring-reactjs up to 464e610bb11cc2619cf6ce8212ccc2d1fd4277fd. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/v1/admin/ of the component File Upload Endpoint. The manipulation of the argument...

6.5 CVSS · 0.00149 EPSS
Exploits: 0 · References: 4
CNNVD
added 2025/05/18 12:0 a.m. · 2 views

ecommerce-spring-reactjs Path Traversal Vulnerability

ecommerce-spring-reactjs is an e-commerce webstore by the individual developer Miroslav Khotinskiy. A path traversal vulnerability exists in ecommerce-spring-reactjs, which stems from incorrect manipulation of the parameter filename in the component File Upload Endpoint resulting in path traversa...

6.5 CVSS · 6.5 AI score · 0.00149 EPSS
Exploits: 0 · References: 6
vulnersOsv
added 2025/05/16 9:32 p.m. · 7 views

ai.ancf.lmos-router:lmos-router-hybrid-spring-boot-starter (=0.28.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0) +11627 more potentially affected by CVE-2025-22233 via org.springframework:spring-context (>=6.1.0 <=6.1.2)

org.springframework:spring-context MAVEN version =6.1.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.11.0 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-linux-x8664...

3.1 CVSS · 6.7 AI score · 0.00083 EPSS
Exploits: 0