CVE-2025-41234

CWE-1137 documents6 sources
Severity: 6.5 (MEDIUM)
EPSS: 0.2% (top 52.93%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 12; latest update Jun 13

Description

In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header with a non-ASCII charset, where the filename attribute is derived from user-supplied input. Specifically, an application is vulnerable when all the following are true:

* The header is prepared with org.springframework.http.ContentDisposition.
* The filename is set via ContentDisposition.Builder

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N
Exploitability: 1.3 | Impact: 4.7

Affected Packages (2 packages)

Source     | Package                        | Versions
-----------|--------------------------------|-------------------
CVEListV5  | vmware/spring_framework        | 6.0.5, 6.0.28 (+2)
Maven      | org.springframework:spring-web | 6.2.0, 6.2.8 (+2)

Vulnerability Details (4)

* GHSA: Spring Framework vulnerable to a reflected file download (RFD) (2025-06-13)
* OSV: Spring Framework vulnerable to a reflected file download (RFD) (2025-06-13)
* CVEList: RFD Attack via "Content-Disposition" Header Sourced from Request (2025-06-12)
* OSV: CVE-2025-41234: Description In Spring Framework, versions 6 (2025-06-12)

Vendor Advisories (2)

* Red Hat: springframework: Reflected download attack in Spring Framework with non-ASCII headers (2025-06-12)
* Debian: CVE-2025-41234: libspring-java - Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and... (2025)