CVE-2025-22235
Severity: 7.3 HIGH
EPSS: 0.4% (top 39.92%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products:
Timeline: Published Apr 28
Description
EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed.
Your application may be affected by this if all the following conditions are met:
* You use Spring Security
* EndpointRequest.to() has been used in a Spring Security chain configuration
* The endpoint which EndpointRequest references is disabled or not exposed via web
* Your application handles requests to /null and this path needs protection
…
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 3.9 | Impact: 3.4
Affected Packages: 2 packages
Vulnerability Details (4)
* GHSA: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed (2025-04-28)
* OSV: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed (2025-04-28)
* CVEList: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed (2025-04-28)
Vendor Advisories (2)
* Red Hat: org.springframework.boot/spring-boot: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed (2025-04-28)