CVE-2025-22223

Published: 24 Mar 2025
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized types or methods, or all method security annotations are attached to target methods.

A flaw was found in the Spring Security framework. In certain configurations, an authorization bypass vulnerability may be exploited due to Spring Security not correctly locating method security annotations on parameterized types or methods.

Report

This issue does not affect you if you are not using @EnableMethodSecurity, do not have method security annotations on parameterized types or methods, or if all method security annotations are attached to target methods.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| A-MQ Clients 2 | spring-security-core | Not affected | | |
| OpenShift Developer Tools and Services | jenkins | Not affected | | |
| Red Hat build of Apache Camel for Spring Boot 4 | spring-security-core | Not affected | | |
| Red Hat build of Quarkus | quarkus-bom | Not affected | | |
| Red Hat Data Grid 8 | spring-security-core | Not affected | | |
| Red Hat Fuse 7 | org.apache.servicemix.bundles.spring-security-core | Out of support scope | | |
| Red Hat Fuse 7 | spring-security-core | Out of support scope | | |
| Red Hat Integration Camel K 1 | spring-security-core | Out of support scope | | |
| Red Hat JBoss Enterprise Application Platform 7 | spring-security-core | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 8 | spring-security-core | Not affected | | |


Additional information

Status: Moderate
Defect: CWE-290
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2354599 (spring-security: authorization bypass via incorrectly locating method security annotations on parameterized types or methods)

EPSS: 0.00036 (percentile: 11%, Low)
CVSS3: 5.3 (Medium)

Related vulnerabilities

nvd (11 months ago), CVSS3: 5.3

Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized types or methods, or all method security annotations are attached to target methods.

debian (11 months ago), CVSS3: 5.3

Spring Security 6.4.0 - 6.4.3 may not correctly locate method security ...

github (11 months ago), CVSS3: 5.3

Spring Security Vulnerable to Authorization Bypass via Security Annotations
