ROOT-APP-MAVEN-CVE-2025-41249 CVE-2025-41249 in io.root.org.springframework:spring-core - Patched by Root

Root has patched CVE-2025-41249 in the io.root.org.springframework:spring-core package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-AIKIDO-2026-11158 AIKIDO-2026-11158 in io.root.org.springframework:spring-core - Patched by Root

Root has patched AIKIDO-2026-11158 in the io.root.org.springframework:spring-core package for Root:Maven. Multiple fixed versions available...

Regular Expression Denial of Service (ReDoS)

Overview org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via pattern processing in AntPathMatcher. An attacker can cause denia...

Allocation of Resources Without Limits or Throttling

Overview org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via caching of parsed Spring Expression Language SpEL...

Denial Of Service (DoS)

Spring Core is vulnerable to Denial of Service DoS. The vulnerability is due to inefficient handling of static resource resolution on Windows file systems, where specially crafted requests can take excessive time to process and hold HTTP connections open, leading to resource exhaustion and servic...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +7198 more potentially affected by CVE-2026-22745 via org.springframework:spring-core (>=7.0.0-M1 <=7.0.6)

org.springframework:spring-core MAVEN version =7.0.0-M1, =0.1.0, =0.1.0, =4.5.0, =4.7.11, =4.5.0, =4.5.0, =4.3.0, =4.3.0, =4.3.0, =4.7.0, =4.7.4, =4.7.4, =4.3.0, =4.7.0, =4.5.0, =4.6.0 and more Source cves: CVE-2026-22745 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-16109618...

Allocation of Resources Without Limits or Throttling

Overview org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via static resource resolution. An attacker can cause denia...

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +27584 more potentially affected by CVE-2026-22745 via org.springframework:spring-core (>=6.0.0 <=6.2.17)

org.springframework:spring-core MAVEN version =6.0.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0 -...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in spring-core (CVE-2025-41249)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-41249 of spring-core-6.2.6.jar. Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a...

Security Bulletin: Vulnerability in spring-core affects IBM Netezza Appliance

Summary The spring-core package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-41249 Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods...

Improper Authorization

org.springframework, spring-core is vulnerable to improper authorization. The vulnerability is due to incorrect annotation resolution on methods within type hierarchies that use unbounded generics, which allows an attacker to bypass security checks when Spring Security’s @EnableMethodSecurity...

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "eventlet-0.39.0-py3-none-any.whl, commons-lang3-3.17.0.jar, spring-core-6.2.10.jar" which is vulnerable to "CVE-2025-58068, CVE-2025-48924, CVE-2025-41249". This bulletin contains information regarding the vulnerability and how it is addressed...

Incorrect Authorization

Overview org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities. Affected versions of this package are vulnerable to Incorrect Authorization via the AnnotationsScanner and AnnotatedMethod class. An attacker can gain unauthorized...

ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.114.0 <=0.120.0), ai.ancf.lmos:arc-memory-mongo-spring-boot-starter (>=0.114.0 <=0.120.0) +7974 more potentially affected by CVE-2025-41249 via org.springframework:spring-core (>=6.2.0 <=6.2.10)

org.springframework:spring-core MAVEN version =6.2.0, =0.114.0, =0.114.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.17.0, =1.17.0, =1.17.0, =3.3.0, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2025-41249 Source advisory: OSV:GHSA-JMP9-X22R-554X...

ai.ancf.lmos-router:lmos-router-hybrid-spring-boot-starter (>=0.2.0 <=0.28.0), ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0) +23853 more potentially affected by CVE-2025-41249 via org.springframework:spring-core (>=6.0.0 <=6.2.10)

org.springframework:spring-core MAVEN version =6.0.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.12.1 and more Source cves: CVE-2025-41249 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-12817817...

africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-application (>=1.1.0 <=1.2.0) +29003 more potentially affected by CVE-2025-41249 via org.springframework:spring-core (>=5.3.0 <=5.3.4)

org.springframework:spring-core MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.2.0 and more Source cves: CVE-2025-41249 Source advisory: OSV:GHSA-JMP9-X22R-554X...

Security Bulletin: Vulnerability in Spring Core affect watsonx.data

Summary Spring Core is vulnerable to security restriction bypass attacks, to denial of service attacks, and to arbritrary code excution attacks. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2018-1199 DESCRIPTION: Pivotal Spring Security and Spring Framework could allow a remot...

Exploit for Code Injection in Vmware Spring_Framework

Expoitation-de-la-vuln-rabilit-CVE-2022-22965 La vulnérabilité...

Denial Of Service (DoS)

org.springframework: spring-core is vulnerable to Denial of Service DoS. The vulnerability is due to the mishandling of specially crafted HTTP requests, which can result in Denial of Service DoS. As a prerequisite, Spring MVC and Spring Security must be on the classpath for this vulnerability to ...

am.ik.access-logger:access-logger (>=0.1.6 <=0.2.0), cn.herodotus.engine:access-core (>=3.1.7.0 <=3.1.7.5) +663 more potentially affected by CVE-2024-22233 via org.springframework:spring-core (=6.0.15)

org.springframework:spring-core MAVEN version =6.0.15 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework:spring-core and may be impacted: - am.ik.access-logger:access-logger =0.1.6, =3.1.7.0, =3.1.7.0, =3.1.7.0, =3.1.7.3, =3.1.7.0,...