PT-2025-12405 · Unknown · Spring Security
Published
2025-03-19
·
Updated
2025-03-24
·
CVE-2025-22223
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Spring Security versions 6.4.0 through 6.4.3
Description
The issue may cause an authorization bypass due to incorrect location of method security annotations on parameterized types or methods. This affects users who have
@EnableMethodSecurity enabled and use method security annotations on parameterized types or methods.Recommendations
For Spring Security versions 6.4.0 through 6.4.3, consider disabling the
@EnableMethodSecurity annotation until a patch is available, or ensure that all method security annotations are attached to target methods to minimize the risk of exploitation.Fix
Authentication Bypass by Spoofing
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Spring Security