CVE-2025-22223

Опубликовано: 24 мар. 2025

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass.

You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized types or methods, or all method security annotations are attached to target methods

Ссылки

https://spring.io/security/cve-2025-22223

EPSS

Процентиль: 8%

0.00029

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-290

Связанные уязвимости

CVE-2025-22223

CVSS3: 5.3

redhat

9 месяцев назад

Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized types or methods, or all method security annotations are attached to target methods

CVE-2025-22223

CVSS3: 5.3

debian

9 месяцев назад

Spring Security 6.4.0 - 6.4.3 may not correctly locate method security ...

GHSA-hh3m-g4qj-4835

CVSS3: 5.3

github

9 месяцев назад

Spring Security Vulnerable to Authorization Bypass via Security Annotations

EPSS

Процентиль: 8%

0.00029

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-290