Security Bulletin: Security Vulnerability in Spring Security Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-41248)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Spring Security Vulnerability Details CVEID:CVE-2025-41248 DESCRIPTION: The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type...

GHSA-JMP9-X22R-554X Spring Framework annotation detection mechanism may result in improper authorization

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

CVE-2025-41249

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

CVE-2025-41249

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

CVE-2025-41249

CVE-2025-41249 : The Spring Framework annotation detection mechanism may fail to resolve annotations on methods in type hierarchies with a parameterized super type with unbounded generics, potentially affecting applications that use Spring Security’s @EnableMethodSecurity. If you rely on method s...

CVE-2025-41248

The connected IBM security bulletins confirm CVE-2025-41248 is a Spring Framework annotation resolution issue affecting methods in type hierarchies with parameterized unbounded generics, potentially bypassing authorization when using EnableMethodSecurity (e.g., @PreAuthorize). Remediation via IBM...