
5325 matches found

vulnersOsv
added 2025/10/16 3:30 p.m., 5 views

br.com.m4rc310:br-com-m4rc310-gql (=1.0.58), br.com.m4rc310:br-com-m4rc310-gtim (=1.0.58) +267 more potentially affected by CVE-2025-41254 via org.springframework:spring-websocket (>=6.0.0 <=6.0.21)

org.springframework:spring-websocket MAVEN version =6.0.0, =3.1.1.0, =3.1.1.0, =2.0.35, =0.0.11, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.8.5 and more Source cves: CVE-2025-41254 Source advisory: OSV:GHSA-7FCH-4F2F-JCGM...

CVSS 4.3, AI score 7.2, EPSS 0.00286, Exploits 0
vulnersOsv
added 2025/10/16 3:30 p.m., 7 views

at.aimon.ops:aimon-ops-api (>=0.0.1 <=0.0.2), cc.allio.uno:uno-starter-websocket (>=1.1.9 <=1.2.1) +704 more potentially affected by CVE-2025-41254 via org.springframework:spring-websocket (>=6.2.0 <=6.2.11)

org.springframework:spring-websocket MAVEN version =6.2.0, =0.0.1, =1.1.9, =1.1.9, =3.5.5.3, =3.4.0.0, =3.4.0.0, =3.5.5.3, =1.0.0, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.5 and more Source cves: CVE-2025-41254 Source advisory: OSV:GHSA-7FCH-4F2F-JCGM...

CVSS 4.3, AI score 7.4, EPSS 0.00286, Exploits 0
OSV
added 2025/10/16 3:30 p.m., 1 view

GHSA-7FCH-4F2F-JCGM Spring Framework STOMP over WebSocket applications may allow attackers to send unauthorized messages

STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions Spring Framework: 6.2.0 - 6.2.11 6.1.0 - 6.1.23 6.0.x - 6.0.29 5.3.0 - 5.3.45 Older, unsupported versions are also affected...

CVSS 4.3, AI score 7, EPSS 0.00286, Exploits 0, References 4
NVD
added 2025/10/16 3:15 p.m., 8 views

CVE-2025-41254

STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions Spring Framework: 6.2.0 - 6.2.11 6.1.0 - 6.1.23 6.0.x - 6.0.29 5.3.0 - 5.3.45 Older, unsupported versions are also affected...

CVSS 4.3, EPSS 0.00286, Exploits 0, References 2
OSV
added 2025/10/16 3:15 p.m., 2 views

DEBIAN-CVE-2025-41254

STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions Spring Framework: 6.2.0 - 6.2.11 6.1.0 - 6.1.23 6.0.x - 6.0.29 5.3.0 - 5.3.45 Older, unsupported versions are also affected...

CVSS 4.3, AI score 7.7, EPSS 0.00286, Exploits 0, References 1
OSV
added 2025/10/16 3:15 p.m., 2 views

UBUNTU-CVE-2025-41254

STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions Spring Framework: 6.2.0 - 6.2.11 6.1.0 - 6.1.23 6.0.x - 6.0.29 5.3.0 - 5.3.45 Older, unsupported versions are also affected...

CVSS 4.3, AI score 7, EPSS 0.00286, Exploits 0, References 3
EUVD
added 2025/10/16 2:48 p.m., 3 views

EUVD-2025-34768

STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions Spring Framework: 6.2.0 - 6.2.11 6.1.0 - 6.1.23 6.0.x - 6.0.29 5.3.0 - 5.3.45 Older, unsupported versions are also affected...

CVSS 4.3, AI score 6.3, EPSS 0.00286, Exploits 0, References 3
Cvelist
added 2025/10/16 2:48 p.m., 8 views

CVE-2025-41254 Spring Framework STOMP CSRF Vulnerability

STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions Spring Framework: 6.2.0 - 6.2.11 6.1.0 - 6.1.23 6.0.x - 6.0.29 5.3.0 - 5.3.45 Older, unsupported versions are also affected...

CVSS 4.3, EPSS 0.00286, Exploits 0, References 2
Vulnrichment
added 2025/10/16 2:48 p.m., 2 views

CVE-2025-41254 Spring Framework STOMP CSRF Vulnerability

STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions Spring Framework: 6.2.0 - 6.2.11 6.1.0 - 6.1.23 6.0.x - 6.0.29 5.3.0 - 5.3.45 Older, unsupported versions are also affected...

CVSS 4.3, AI score 6.4, EPSS 0.00286, Exploits 0, References 2
Debian CVE
added 2025/10/16 2:48 p.m., 3 views

CVE-2025-41254

STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions Spring Framework: 6.2.0 - 6.2.11 6.1.0 - 6.1.23 6.0.x - 6.0.29 5.3.0 - 5.3.45 Older, unsupported versions are also affected...

CVSS 4.3, AI score 7.7, EPSS 0.00286, Exploits 0
Snyk
added 2025/10/16 12:0 a.m., 3 views

Cross-site Request Forgery (CSRF)

Overview org.springframework:spring-websocket is a framework that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF vi...

CVSS 5.1, AI score 6.9, EPSS 0.00286, Exploits 0, References 2
vulnersOsv
added 2025/10/16 12:0 a.m., 5 views

ai.driftkit:driftkit-workflow-controllers (>=0.7.5 <=0.8.7), ai.driftkit:driftkit-workflow-engine-spring-boot-starter (>=0.7.0 <=0.8.7) +1159 more potentially affected by CVE-2025-41254 via org.springframework:spring-websocket (>=6.0.0 <=6.2.11)

org.springframework:spring-websocket MAVEN version =6.0.0, =0.7.5, =0.7.0, =0.5.0, =0.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.6, =1.0.1, =1.0.31 and more Source cves: CVE-2025-41254 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-13608629...

CVSS 4.3, AI score 7.4, EPSS 0.00286, Exploits 0
CNNVD
added 2025/10/16 12:0 a.m., 2 views

Spring Framework security vulnerability

Spring Framework is a Spring open source application development framework. A security vulnerability exists in Spring Framework versions 6.2.0 through 6.2.11, 6.1.0 through 6.1.23, 6.0.x through 6.0.29, and 5.3.0 through 5.3.45, which stems from a possible security bypass in a STOMP over WebSocke...

CVSS 4.3, AI score 6.4, EPSS 0.00286, Exploits 0, References 3
RedhatCVE
added 2025/10/15 1:45 p.m., 7 views

CVE-2025-41705

An unauthenticated remote attacker MITM can intercept the websocket messages to gain access to the login credentials for the Webfrontend...

CVSS 6.8, AI score 7.3, EPSS 0.00423, Exploits 0, References 1
RedhatCVE
added 2025/10/15 1:45 p.m., 4 views

CVE-2025-41707

The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote attacker can send a crafted websocket message to trigger the issue without affecting the core functionality...

CVSS 5.3, AI score 6.9, EPSS 0.0144, Exploits 0, References 1
AstraLinux
added 2025/10/14 6:5 p.m., 1 view

Astra Linux - vulnerability in tomcat9

The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was...

CVSS 7.5, AI score 6.8, EPSS 0.10997, Exploits 0, References 2
NVD
added 2025/10/14 8:15 a.m., 3 views

CVE-2025-41707

The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote attacker can send a crafted websocket message to trigger the issue without affecting the core functionality...

CVSS 5.3, EPSS 0.0144, Exploits 0, References 2
NVD
added 2025/10/14 8:15 a.m., 3 views

CVE-2025-41705

An unauthenticated remote attacker MITM can intercept the websocket messages to gain access to the login credentials for the Webfrontend...

CVSS 6.8, EPSS 0.00423, Exploits 0, References 2
CVE
added 2025/10/14 8:6 a.m., 11 views

CVE-2025-41707

The CVE-2025-41707 entry is associated with Phoenix Contact QUINT4-UPS/24DC/24DC/10/EIP and related QUINT4-series hardware. Multiple connected sources describe a denial-of-service vulnerability in the WebSocket handler that allows an unauthenticated remote attacker to trigger the issue by sending...

CVSS 5.3, AI score 6.5, EPSS 0.0144, Exploits 0, References 2
Cvelist
added 2025/10/14 8:6 a.m., 7 views

CVE-2025-41707 Phoenix Contact: WebSocket Handler Denial of Service

The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote attacker can send a crafted websocket message to trigger the issue without affecting the core functionality...

CVSS 5.3, EPSS 0.0144, Exploits 0, References 1