14 matches found
ROOT-APP-MAVEN-CVE-2025-41234 CVE-2025-41234 in io.root.org.springframework:spring-web - Patched by Root
Root has patched CVE-2025-41234 in the io.root.org.springframework:spring-web package for Root:Maven. Multiple fixed versions available...
Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager
Summary Multiple vulnerabilities were addressed in IBM Sterling Partner Engagement Manager versions 6.2.3.5 and 6.2.4.2. Vulnerability Details CVEID:CVE-2025-41234 DESCRIPTION: Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a...
Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in spring-web-6.2.3.jar(CVE-2025-41234)
Summary IBM Sterling Connect:Direct Web Services is vulnerable to a reflected file download RFD attack in spring-web-6.2.3. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-41234 DESCRIPTION: Description In Spring Framework, versions 6.0.x a...
Spring Framework 6.0.5 < 6.0.29 / 6.1.x < 6.1.21 / 6.2.x < 6.2.8 Reflected File Download (CVE-2025-41234)
The version of Spring Framework installed on the remote host is 6.0.5 prior to 6.0.29, 6.1.x prior to 6.1.21, or 6.2.x prior to 6.2.8. It is, therefore, affected by a reflected file download vulnerability: - In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application...
This Week in Spring - June 17th, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! We're in the middle of June already! And you know what that means? Warm weather, fun, and of course: the amazing SpringOne event in lovely Las Vegas, NV! The content catalog went live today! I'll be there doing, among other...
CVE-2025-41234 vulnerabilities
Vulnerabilities for packages: thingsboard, apache-nifi, jenkins, apache-nifi-registry...
ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +9858 more potentially affected by CVE-2025-41234 via org.springframework:spring-web (>=6.2.0 <=6.2.7)
org.springframework:spring-web MAVEN version =6.2.0, =0.1.0, =0.1.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.28 and more Source cves: CVE-2025-41234 Source advisory: OSV:GHSA-6R3C-XF4W-JXJM...
VMware Spring Framework 6.0.5 - 6.0.28, 6.1.0 - 6.1.20, 6.2.0 - 6.2.7 RFD Vulnerability - Windows
The VMware Spring Framework is prone to a reflected file download RFD vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2025-41234
Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download RFD attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input...
ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0), ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.1.1 <=0.112.0) +8110 more potentially affected by CVE-2025-41234 via org.springframework:spring-web (>=6.0.5 <=6.1.20)
org.springframework:spring-web MAVEN version =6.0.5, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.8.7 and more Source cves: CVE-2025-41234 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-10345766...
ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +9858 more potentially affected by CVE-2025-41234 via org.springframework:spring-web (>=6.2.0 <=6.2.7)
org.springframework:spring-web MAVEN version =6.2.0, =0.1.0, =0.1.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.28 and more Source cves: CVE-2025-41234 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-10345766...
CVE-2025-41234 RFD Attack via “Content-Disposition” Header Sourced from Request
Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download RFD attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input...
CVE-2025-41234 RFD Attack via “Content-Disposition” Header Sourced from Request
Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download RFD attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input...
CVE-2025-41234
creationtimestamp| type| source ---|---|--- 2025-06-12 13:49:06+00:00| seen| https://bsky.app/profile/snicoll.be/post/3lrg2sogpfc2a 2025-06-12 16:11:42+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3lrgcrqkre52f 2025-06-12 21:34:38+00:00| seen|...