PT-2025-12405 · Unknown · Spring Security

Published

2025-03-19

·

Updated

2025-03-24

·

CVE-2025-22223

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Spring Security versions 6.4.0 through 6.4.3
Description The issue may cause an authorization bypass due to incorrect location of method security annotations on parameterized types or methods. This affects users who have @EnableMethodSecurity enabled and use method security annotations on parameterized types or methods.
Recommendations For Spring Security versions 6.4.0 through 6.4.3, consider disabling the @EnableMethodSecurity annotation until a patch is available, or ensure that all method security annotations are attached to target methods to minimize the risk of exploitation.

Fix

Authentication Bypass by Spoofing

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-05743
CVE-2025-22223
GHSA-HH3M-G4QJ-4835

Affected Products

Spring Security