{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-22235", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2025-01-02T04:30:06.832Z", "datePublished": "2025-04-28T07:10:35.370Z", "dateUpdated": "2025-04-28T16:18:23.559Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Spring Boot", "vendor": "Spring", "versions": [{"lessThan": "2.7.25", "status": "affected", "version": "2.7.x", "versionType": "Enterprise Support Only"}, {"lessThan": "3.1.16", "status": "affected", "version": "3.1.x", "versionType": "Enterprise Support Only"}, {"lessThan": "3.2.14", "status": "affected", "version": "3.2.x", "versionType": "Enterprise Support Only"}, {"lessThan": "3.3.11", "status": "affected", "version": "3.3.x", "versionType": "OSS"}, {"lessThan": "3.4.5", "status": "affected", "version": "3.4.x", "versionType": "OSS"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p><code>EndpointRequest.to()</code>&nbsp;creates a matcher for <code>null/**</code>&nbsp;if the actuator endpoint, for which the <code>EndpointRequest</code>&nbsp;has been created, is disabled or not exposed.</p><p>Your application may be affected by this if all the following conditions are met:</p><ul><li>You use Spring Security</li><li><code>EndpointRequest.to()</code>&nbsp;has been used in a Spring Security chain configuration</li><li>The endpoint which <code>EndpointRequest</code>&nbsp;references is disabled or not exposed via web</li><li>Your application handles requests to <code>/null</code>&nbsp;and this path needs protection</li></ul><p>You are not affected if any of the following is true:</p><ul><li>You don't use Spring Security</li><li>You don't use <code>EndpointRequest.to()</code></li><li>The endpoint which <code>EndpointRequest.to()</code>&nbsp;refers to is enabled and is exposed</li><li>Your application does not handle requests to <code>/null</code>&nbsp;or this path does not need protection</li></ul><br>"}], "value": "EndpointRequest.to()\u00a0creates a matcher for null/**\u00a0if the actuator endpoint, for which the EndpointRequest\u00a0has been created, is disabled or not exposed.\n\nYour application may be affected by this if all the following conditions are met:\n\n * You use Spring Security\n * EndpointRequest.to()\u00a0has been used in a Spring Security chain configuration\n * The endpoint which EndpointRequest\u00a0references is disabled or not exposed via web\n * Your application handles requests to /null\u00a0and this path needs protection\n\n\nYou are not affected if any of the following is true:\n\n * You don't use Spring Security\n * You don't use EndpointRequest.to()\n * The endpoint which EndpointRequest.to()\u00a0refers to is enabled and is exposed\n * Your application does not handle requests to /null\u00a0or this path does not need protection"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2025-04-28T07:10:35.370Z"}, "references": [{"url": "https://spring.io/security/cve-2025-22235"}], "source": {"discovery": "UNKNOWN"}, "title": "Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-28T16:16:38.622106Z", "id": "CVE-2025-22235", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-28T16:18:23.559Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-22235", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-28T16:16:38.622106Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-28T16:18:14.845Z"}}], "cna": {"title": "Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Spring", "product": "Spring Boot", "versions": [{"status": "affected", "version": "2.7.x", "lessThan": "2.7.25", "versionType": "Enterprise Support Only"}, {"status": "affected", "version": "3.1.x", "lessThan": "3.1.16", "versionType": "Enterprise Support Only"}, {"status": "affected", "version": "3.2.x", "lessThan": "3.2.14", "versionType": "Enterprise Support Only"}, {"status": "affected", "version": "3.3.x", "lessThan": "3.3.11", "versionType": "OSS"}, {"status": "affected", "version": "3.4.x", "lessThan": "3.4.5", "versionType": "OSS"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://spring.io/security/cve-2025-22235"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "EndpointRequest.to()\u00a0creates a matcher for null/**\u00a0if the actuator endpoint, for which the EndpointRequest\u00a0has been created, is disabled or not exposed.\n\nYour application may be affected by this if all the following conditions are met:\n\n * You use Spring Security\n * EndpointRequest.to()\u00a0has been used in a Spring Security chain configuration\n * The endpoint which EndpointRequest\u00a0references is disabled or not exposed via web\n * Your application handles requests to /null\u00a0and this path needs protection\n\n\nYou are not affected if any of the following is true:\n\n * You don't use Spring Security\n * You don't use EndpointRequest.to()\n * The endpoint which EndpointRequest.to()\u00a0refers to is enabled and is exposed\n * Your application does not handle requests to /null\u00a0or this path does not need protection", "supportingMedia": [{"type": "text/html", "value": "<p><code>EndpointRequest.to()</code>&nbsp;creates a matcher for <code>null/**</code>&nbsp;if the actuator endpoint, for which the <code>EndpointRequest</code>&nbsp;has been created, is disabled or not exposed.</p><p>Your application may be affected by this if all the following conditions are met:</p><ul><li>You use Spring Security</li><li><code>EndpointRequest.to()</code>&nbsp;has been used in a Spring Security chain configuration</li><li>The endpoint which <code>EndpointRequest</code>&nbsp;references is disabled or not exposed via web</li><li>Your application handles requests to <code>/null</code>&nbsp;and this path needs protection</li></ul><p>You are not affected if any of the following is true:</p><ul><li>You don't use Spring Security</li><li>You don't use <code>EndpointRequest.to()</code></li><li>The endpoint which <code>EndpointRequest.to()</code>&nbsp;refers to is enabled and is exposed</li><li>Your application does not handle requests to <code>/null</code>&nbsp;or this path does not need protection</li></ul><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2025-04-28T07:10:35.370Z"}}}, "cveMetadata": {"cveId": "CVE-2025-22235", "state": "PUBLISHED", "dateUpdated": "2025-04-28T16:18:23.559Z", "dateReserved": "2025-01-02T04:30:06.832Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2025-04-28T07:10:35.370Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "EndpointRequest.to()\u00a0creates a matcher for null/**\u00a0if the actuator endpoint, for which the EndpointRequest\u00a0has been created, is disabled or not exposed.\n\nYour application may be affected by this if all the following conditions are met:\n\n * You use Spring Security\n * EndpointRequest.to()\u00a0has been used in a Spring Security chain configuration\n * The endpoint which EndpointRequest\u00a0references is disabled or not exposed via web\n * Your application handles requests to /null\u00a0and this path needs protection\n\n\nYou are not affected if any of the following is true:\n\n * You don't use Spring Security\n * You don't use EndpointRequest.to()\n * The endpoint which EndpointRequest.to()\u00a0refers to is enabled and is exposed\n * Your application does not handle requests to /null\u00a0or this path does not need protection"}, {"lang": "es", "value": "EndpointRequest.to() crea un comparador para null/** si el endpoint del actuador, para el que se cre\u00f3 EndpointRequest, est\u00e1 deshabilitado o no est\u00e1 expuesto. Su aplicaci\u00f3n puede verse afectada si se cumplen todas las siguientes condiciones: * Utiliza Spring Security * EndpointRequest.to() se ha utilizado en una configuraci\u00f3n de cadena de Spring Security * El punto final al que EndpointRequest hace referencia est\u00e1 deshabilitado o no est\u00e1 expuesto a trav\u00e9s de la web * Su aplicaci\u00f3n gestiona solicitudes a /null y esta ruta necesita protecci\u00f3n no se ver\u00e1 afectado si se cumple alguna de las siguientes condiciones: * No utiliza Spring Security * No utiliza EndpointRequest.to() * El endpoint al que EndpointRequest.to() hace referencia est\u00e1 habilitado y est\u00e1 expuesto * Su aplicaci\u00f3n no gestiona solicitudes a /null o esta ruta no necesita protecci\u00f3n"}], "id": "CVE-2025-22235", "lastModified": "2025-04-29T13:52:10.697", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2025-04-28T08:15:15.273", "references": [{"source": "security@vmware.com", "url": "https://spring.io/security/cve-2025-22235"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@vmware.com", "type": "Secondary"}]}

{"bugzilla": {"description": "org.springframework.boot/spring-boot: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed", "id": "2362668", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362668"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-20", "details": ["No description is available for this CVE."], "name": "CVE-2025-22235", "package_state": [{"cpe": "cpe:/a:redhat:amq_clients:2023", "fix_state": "Affected", "package_name": "spring-boot", "product_name": "AMQ Clients"}, {"cpe": "cpe:/a:redhat:a_mq_clients:2", "fix_state": "Affected", "package_name": "spring-boot", "product_name": "A-MQ Clients 2"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Affected", "package_name": "spring-boot", "product_name": "Red Hat AMQ Broker 7"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:4", "fix_state": "Affected", "package_name": "spring-boot", "product_name": "Red Hat build of Apache Camel for Spring Boot 4"}, {"cpe": "cpe:/a:redhat:optaplanner:::el6", "fix_state": "Affected", "package_name": "spring-boot", "product_name": "Red Hat build of OptaPlanner 8"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Affected", "package_name": "spring-boot", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "log4j:2/log4j", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "log4j", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Affected", "package_name": "spring-boot", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Affected", "package_name": "spring-boot", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Affected", "package_name": "spring-boot", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "spring-boot", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "spring-boot", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Affected", "package_name": "spring-boot", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Affected", "package_name": "spring-boot", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Affected", "package_name": "spring-boot", "product_name": "streams for Apache Kafka"}], "public_date": "2025-04-28T07:10:35Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-22235\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-22235\nhttps://github.com/advisories/GHSA-rc42-6c7j-7h5r\nhttps://spring.io/security/cve-2025-22235"], "threat_severity": "Important"}