CVE-2025-41249
Severity
7.5 HIGH
EPSS
0.1%
top 77.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 16
Latest update: Jan 15
Description
The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions.
Your application may be affected by this if you are using Spring Security's @EnableMethodSecurity feature.
You are not affected by this if you are not using @EnableMethodSecurity or if you do not use security annotations on methods in ge…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6
Affected Packages: 2 packages
Vulnerability Details (5)
GHSA
OSV
CVE-2025-41249: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized supe (2025-09-16)
Vendor Advisories (5)
Oracle
Oracle Oracle Commerce Risk Matrix: Content Acquisition System, Workbench, Endeca Application Controller (Spring Framework) — CVE-2025-41249 (2026-01-15)
Oracle
Oracle Oracle Financial Services Applications Risk Matrix: Platform (Spring Framework) — CVE-2025-41249 (2025-10-15)
Red Hat
Red Hat
Debian
CVE-2025-41249: libspring-java - The Spring Framework annotation detection mechanism may not correctly resolve an... (2025)