Lucene search
K

14 matches found

OSV
OSV
added 2026/06/24 12:16 p.m.6 views

ROOT-APP-MAVEN-CVE-2025-41234 CVE-2025-41234 in io.root.org.springframework:spring-web - Patched by Root

Root has patched CVE-2025-41234 in the io.root.org.springframework:spring-web package for Root:Maven. Multiple fixed versions available...

6.5CVSS7.2AI score0.00533EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/16 7:0 a.m.19 views

Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager

Summary Multiple vulnerabilities were addressed in IBM Sterling Partner Engagement Manager versions 6.2.3.5 and 6.2.4.2. Vulnerability Details CVEID:CVE-2025-41234 DESCRIPTION: Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a...

9.8CVSS7.7AI score0.32257EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 6:45 a.m.5 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in spring-web-6.2.3.jar(CVE-2025-41234)

Summary IBM Sterling Connect:Direct Web Services is vulnerable to a reflected file download RFD attack in spring-web-6.2.3. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-41234 DESCRIPTION: Description In Spring Framework, versions 6.0.x a...

6.5CVSS7.5AI score0.00533EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/06/27 12:0 a.m.7 views

Spring Framework 6.0.5 < 6.0.29 / 6.1.x < 6.1.21 / 6.2.x < 6.2.8 Reflected File Download (CVE-2025-41234)

The version of Spring Framework installed on the remote host is 6.0.5 prior to 6.0.29, 6.1.x prior to 6.1.21, or 6.2.x prior to 6.2.8. It is, therefore, affected by a reflected file download vulnerability: - In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application...

6.5CVSS6.5AI score0.00533EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2025/06/17 12:0 a.m.8 views

This Week in Spring - June 17th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! We're in the middle of June already! And you know what that means? Warm weather, fun, and of course: the amazing SpringOne event in lovely Las Vegas, NV! The content catalog went live today! I'll be there doing, among other...

6.5CVSS7.2AI score0.00533EPSS
Exploits0
Wolfi
Wolfi
added 2025/06/14 1:46 p.m.17 views

CVE-2025-41234 vulnerabilities

Vulnerabilities for packages: thingsboard, apache-nifi, jenkins, apache-nifi-registry...

6.5CVSS6.8AI score0.00533EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/06/13 12:33 a.m.7 views

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +9858 more potentially affected by CVE-2025-41234 via org.springframework:spring-web (>=6.2.0 <=6.2.7)

org.springframework:spring-web MAVEN version =6.2.0, =0.1.0, =0.1.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.28 and more Source cves: CVE-2025-41234 Source advisory: OSV:GHSA-6R3C-XF4W-JXJM...

6.5CVSS6.7AI score0.00533EPSS
Exploits0
OpenVAS
OpenVAS
added 2025/06/13 12:0 a.m.7 views

VMware Spring Framework 6.0.5 - 6.0.28, 6.1.0 - 6.1.20, 6.2.0 - 6.2.7 RFD Vulnerability - Windows

The VMware Spring Framework is prone to a reflected file download RFD vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.5CVSS8AI score0.00533EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/06/12 10:15 p.m.3 views

CVE-2025-41234

Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download RFD attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input...

6.5CVSS6.8AI score0.00533EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/06/12 9:50 p.m.7 views

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0), ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.1.1 <=0.112.0) +8110 more potentially affected by CVE-2025-41234 via org.springframework:spring-web (>=6.0.5 <=6.1.20)

org.springframework:spring-web MAVEN version =6.0.5, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.8.7 and more Source cves: CVE-2025-41234 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-10345766...

6.5CVSS6.7AI score0.00533EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/06/12 9:50 p.m.7 views

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +9858 more potentially affected by CVE-2025-41234 via org.springframework:spring-web (>=6.2.0 <=6.2.7)

org.springframework:spring-web MAVEN version =6.2.0, =0.1.0, =0.1.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.28 and more Source cves: CVE-2025-41234 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-10345766...

6.5CVSS6.7AI score0.00533EPSS
Exploits0
Cvelist
Cvelist
added 2025/06/12 9:14 p.m.29 views

CVE-2025-41234 RFD Attack via “Content-Disposition” Header Sourced from Request

Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download RFD attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input...

6.5CVSS0.00533EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/06/12 9:14 p.m.4 views

CVE-2025-41234 RFD Attack via “Content-Disposition” Header Sourced from Request

Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download RFD attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input...

6.5CVSS6.6AI score0.00533EPSS
Exploits0References3
Circl
Circl
added 2025/06/12 1:49 p.m.10 views

CVE-2025-41234

creationtimestamp| type| source ---|---|--- 2025-06-12 13:49:06+00:00| seen| https://bsky.app/profile/snicoll.be/post/3lrg2sogpfc2a 2025-06-12 16:11:42+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3lrgcrqkre52f 2025-06-12 21:34:38+00:00| seen|...

6.5CVSS7.2AI score0.00533EPSS
Exploits0References6
Rows per page
Query Builder