
CVE-2025-22223
Good to know:


Date: March 24, 2025
Spring Security 6.4.0 through 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. Your application may be affected by this if the following are true: you are using @EnableMethodSecurity, and you have a method security annotation on a parameterized superclass, interface, or overridden method and no annotation on the target method. This issue is fixed in version 6.4.4.
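The code shape those two conditions describe, shown next to a variant that falls outside them, as an added illustration that is not taken from the advisory or from Spring Security's own code. The names AdminStore, Account, InheritedRuleAccountStore and ExplicitRuleAccountStore are hypothetical.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.stereotype.Service;

// Condition 1 from the advisory: method security is enabled.
@Configuration
@EnableMethodSecurity
class MethodSecurityConfig {}

// Condition 2: the annotation lives only on a parameterized interface.
interface AdminStore<T> {
    @PreAuthorize("hasRole('ADMIN')")
    void save(String id, T item);
}

// Hypothetical payload type used to bind the type parameter.
record Account(String owner) {}

// Affected shape: the overriding method carries no annotation of its own
// and relies entirely on the rule declared on AdminStore<T>.
@Service
class InheritedRuleAccountStore implements AdminStore<Account> {
    private final Map<String, Account> accounts = new ConcurrentHashMap<>();

    @Override
    public void save(String id, Account item) {
        accounts.put(id, item);
    }
}

// Outside the stated conditions: the target method declares the rule itself,
// so enforcement does not depend on locating the inherited annotation.
@Service
class ExplicitRuleAccountStore implements AdminStore<Account> {
    private final Map<String, Account> accounts = new ConcurrentHashMap<>();

    @Override
    @PreAuthorize("hasRole('ADMIN')")
    public void save(String id, Account item) {
        accounts.put(id, item);
    }
}
```

An integration test that calls save without the ADMIN role and expects AccessDeniedException confirms that the inherited rule is enforced once the application runs on 6.4.4.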
Severity Score
Weakness Type (CWE)
Authentication Bypass by Spoofing
CWE-290
Top Fix

Upgrade Version
Upgrade to version org.springframework.security:spring-security-core:6.4.4; https://github.com/spring-projects/spring-security.git - 6.4.4
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |