CVE-2025-22223 MEDIUM

Vendor Spring
Product Spring Security
Weakness CWE-290
Published March 24, 2025
Last update March 24, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. You are not affected if you are not using @EnableMethodSecurity, if you do not have method security annotations on parameterized types or methods, or if all method security annotations are attached to target methods.
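A triage sketch for the first two conditions in the description, added here as an example and not part of the advisory or of Spring's code. It reads a Maven or Gradle dependency listing plus Java sources; the `org.springframework.security:spring-security-*` coordinates, the function names and the sample inputs are assumptions constructed for illustration.

```python
import re

# Affected range as stated in the description: 6.4.0 through 6.4.3.
AFFECTED_MIN, AFFECTED_MAX = (6, 4, 0), (6, 4, 3)
ARTIFACT = re.compile(r"org\.springframework\.security:(spring-security-[\w-]+)(.*)")
VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)")
# Annotation at the start of a line, so commented-out uses are ignored.
ENABLE = re.compile(r"^\s*@EnableMethodSecurity\b", re.MULTILINE)

def affected_artifacts(dependency_listing):
    """Return {artifact: version} for Spring Security modules resolved in the affected range."""
    hits = {}
    for line in dependency_listing.splitlines():
        m = ARTIFACT.search(line)
        if not m:
            continue
        versions = VERSION.findall(m.group(2))
        if not versions:
            continue
        # Gradle prints "requested -> resolved"; the last version on the line is the resolved one.
        resolved = tuple(int(part) for part in versions[-1])
        if AFFECTED_MIN <= resolved <= AFFECTED_MAX:
            hits[m.group(1)] = ".".join(str(part) for part in resolved)
    return hits

def triage(dependency_listing, java_sources):
    """Apply the description's exemptions; java_sources maps file path -> file content."""
    hits = affected_artifacts(dependency_listing)
    if not hits:
        return {"status": "not-affected", "reason": "no module in 6.4.0 - 6.4.3"}
    enabling = sorted(p for p, src in java_sources.items() if ENABLE.search(src))
    if not enabling:
        return {"status": "not-affected", "reason": "@EnableMethodSecurity not used"}
    # Remaining condition (annotations on parameterized types or methods) needs code review.
    return {"status": "review", "artifacts": hits, "enabled_in": enabling}

# Constructed sample inputs (not taken from any real project).
SAMPLE_MAVEN = """\
[INFO]    org.springframework.security:spring-security-core:jar:6.4.2:compile
[INFO]    org.springframework.security:spring-security-web:jar:6.4.2:compile
[INFO]    org.springframework:spring-core:jar:6.2.3:compile
"""
SAMPLE_SOURCES = {
    "src/main/java/app/SecurityConfig.java":
        "@Configuration\n@EnableMethodSecurity\npublic class SecurityConfig {}\n",
    "src/main/java/app/Other.java": "// @EnableMethodSecurity\nclass Other {}\n",
}

if __name__ == "__main__":
    print(triage(SAMPLE_MAVEN, SAMPLE_SOURCES))
```

A `review` result means the remaining condition still has to be checked by hand: whether any method security annotation sits on a parameterized type or method rather than on the target method.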

Key dates

02 Disclosure timeline

March 24, 2025 CVE published
March 24, 2025 Record updated