Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed

EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security EndpointRequest.to has been used in a Spri...

CVE-2025-22235

EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security EndpointRequest.to has been used in a Spri...

UBUNTU-CVE-2025-22235

EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security EndpointRequest.to has been used in a Spri...

CVE-2025-22235 Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed

EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security EndpointRequest.to has been used in a Spri...

CVE-2025-22235

CVE-2025-22235 : EndpointRequest.to() creates a matcher for /null when the actuator endpoint is disabled or not exposed. IBM advisories confirm this CVE as addressed by IBM Library Support for Spring: upgrade to fixed versions in the remediation table (e.g., IBM Library Support for Spring 6.2.x →...

VMware Spring Boot 安全漏洞

VMware Spring Boot is a set of open source frameworks from VMware, Inc. A security vulnerability exists in VMware Spring Boot that stems from EndpointRequest.to creating a null/ matcher when the endpoint is disabled or unexposed, which could lead to a security constraint bypass...

PT-2025-18049

Name of the Vulnerable Software and Affected Versions Spring Boot version 2.7.x Description The issue arises when EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. An application may be affected if ...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the EndpointRequest.to function that creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Note: This is only exploitable if all o...