
CVE-2025-41235
Good to know:

Date: May 30, 2025
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies.
Severity Score
Weakness Type (CWE)
Top Fix

Upgrade Version
Upgrade to version:

- org.springframework.cloud:spring-cloud-gateway-mvc:4.2.3
- org.springframework.cloud:spring-cloud-gateway-mvc:4.1.8
- org.springframework.cloud:spring-cloud-starter-gateway:4.2.3
- org.springframework.cloud:spring-cloud-starter-gateway:4.1.8
- org.springframework.cloud:spring-cloud-gateway-server:4.2.3
- org.springframework.cloud:spring-cloud-gateway-server:4.1.8
- org.springframework.cloud:spring-cloud-gateway-server:3.1.10
- org.springframework.cloud:spring-cloud-gateway-server-mvc:4.2.3
- https://github.com/spring-cloud/spring-cloud-gateway.git - v4.3.0
- https://github.com/spring-cloud/spring-cloud-gateway.git - v4.2.3
- https://github.com/spring-cloud/spring-cloud-gateway.git - v4.1.8

CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | CHANGED |
Confidentiality (C): | NONE |
Integrity (I): | HIGH |
Availability (A): | NONE |