CVE-2025-22223

CWE-2905 documents5 sources

Severity

5.3MEDIUM

EPSS

0.0%

top 88.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Spring Spring Security

Timeline

PublishedMar 24

Description

Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized types or methods, or all method security annotations are attached to target methods

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶Mavenorg.springframework.security:spring-security-core6.4.0 — 6.4.4

▶CVEListV5spring/spring_security6.4.0-6.4.3

🔴Vulnerability Details

CVEList

CVE-2025-22223: Spring Security 6↗2025-03-24

▶

GHSA

Spring Security Vulnerable to Authorization Bypass via Security Annotations↗2025-03-24

▶

OSV

Spring Security Vulnerable to Authorization Bypass via Security Annotations↗2025-03-24

▶

📋Vendor Advisories

Red Hat

spring-security: authorization bypass via incorrectly locating method security annotations on parameterized types or methods↗2025-03-24

▶