Spring Cloud Config vulnerabilities
2 known vulnerabilities affecting spring/spring_cloud_config.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown
MEDIUM: 2
Vulnerabilities
CVE-2025-22232 | MEDIUM | CVSS 5.3 | CWE-287 | Affected: ≥ 4.2.x, < 4.2.2; ≥ 4.1.x, < 4.1.6; +4 more | 2025-04-10
Spring Cloud Config Server may not use Vault token sent by clients using a X-CONFIG-TOKEN header when making requests to Vault.
Your application may be affected by this if the following are true:
* You have Spring Vault on the classpath of your Spring Cloud Config Server and
* You are using the X-CONFIG-TOKEN header to send a Vault token to the Spri
Sources: cvelistv5, nvd
CVE-2019-3799 | MEDIUM | CVSS 6.5 | PoC | CWE-22 | Affected: ≥ 2.0, < v2.0.4.RELEASE; ≥ 1.4, < v1.4.6.RELEASE; +1 more | 2019-05-06
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a dire
Sources: cvelistv5, nvd