CVE-2025-41235

CWE-444HTTP Request Smuggling4 documents4 sources
Severity
8.6HIGH
EPSS
0.4%
top 39.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vmware Spring Cloud GatewayVmware Spring Cloud Gateway Server MVC
Timeline
PublishedMay 30

Description

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages4 packages

CVEListV5vmware/spring_cloud_gateway_server_mvc4.1.7 - 4.2.2, 4.3.0-{M1, M2, RC1}4.3.0, 4.2.3, 4.1.8
CVEListV5vmware/spring_cloud_gateway2.2.10.RELEASE - 4.2.2, 4.3.0-{M1, M2, RC1}4.3.0, 4.2.3, 4.1.8, 4.0.12, 3.1.10

🔴Vulnerability Details

3
OSV
Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies2025-05-30
GHSA
Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies2025-05-30
CVEList
CVE-2025-41235: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies2025-05-30
CVE-2025-41235 (HIGH CVSS 8.6) | Spring Cloud Gateway Server forward | cvebase.io