CVE-2025-4328

Name of the Vulnerable Software and Affected Versions spring-cloud-base versions up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa

Description A problem has been declared in the function sendBack of the file /spring-cloud-base-master/auth-center/auth-center-provider/src/main/java/com/peng/auth/provider/config/web/MvcController.java, which is part of the HTTP Header Handler component. The manipulation of the Referer argument leads to an open redirect. This issue can be exploited remotely.

Recommendations For spring-cloud-base versions up to 7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa, as a temporary workaround, consider restricting access to the sendBack function in the MvcController.java file until a fix is available. Additionally, restrict the manipulation of the Referer argument to prevent open redirect attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.