PT-2025-22336 · Spring · Spring Security Aspects

Published

2025-05-19

·

Updated

2025-05-26

·

CVE-2025-41232

CVSS v2.0

9.4

Critical

Vector AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions Spring Security Aspects (affected versions not specified)
Description Spring Security Aspects (spring-security-aspects) may fail to locate Spring Security method annotations (such as @PreAuthorize or @Secured) placed on private methods. The authorization check expressed by the annotation is then never applied, and the private method can be invoked, through the public method that calls it, without proper authorization. Affected applications are those that use @EnableMethodSecurity(mode=ASPECTJ) together with spring-security-aspects and annotate private methods. Applications on the default proxy mode are not affected by this flaw: Spring AOP proxies never intercept private methods, so annotations on private methods have no effect there in any version, which is exactly why AspectJ weaving is used for this case.
Recommendations Upgrade to a Spring Security release that contains the fix (the GHSA advisory listed under Related Identifiers names the fixed versions). Where the upgrade is not yet possible for an application using @EnableMethodSecurity(mode=ASPECTJ) and spring-security-aspects, do not rely on Spring Security annotations on private methods: move each annotation to the non-private method through which the private one is reached, so that the check is evaluated where callers enter the class. Review every code path that reaches an annotated private method, and verify with a test that a caller lacking the required authority receives AccessDeniedException rather than the method's result.
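The following is an added illustration of the affected configuration and of the workaround given above; it is not code from this advisory or from the Spring project. It assumes a Spring Boot application with spring-security-aspects on the classpath and AspectJ weaving (compile-time or load-time) enabled; the service, method and test names are hypothetical.

```java
// Added illustration, not code from the advisory or from the Spring project.
// Assumes a Spring Boot application with spring-security-aspects on the
// classpath and AspectJ weaving enabled; class and method names are hypothetical.
package example;

import static org.junit.jupiter.api.Assertions.assertThrows;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.annotation.AdviceMode;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.stereotype.Service;

// AspectJ mode: method security is enforced by the aspects woven in from
// spring-security-aspects instead of by Spring AOP proxies. This is the
// configuration the advisory describes.
@Configuration
@EnableMethodSecurity(mode = AdviceMode.ASPECTJ)
class MethodSecurityConfig {
}

// Vulnerable pattern: the authorization check sits on a private method.
// On an affected spring-security-aspects release the aspect does not locate
// the annotation, so approve() reaches the payout logic with no check at all.
@Service
class VulnerablePayoutService {

    public void approve(long payoutId) {
        approveInternal(payoutId); // nothing is checked before this call
    }

    @PreAuthorize("hasRole('ADMIN')")
    private void approveInternal(long payoutId) {
        // ... release funds (hypothetical business logic) ...
    }
}

// Hardened pattern (the workaround from the recommendations): the annotation
// moves to the non-private entry point, so the check runs where callers enter
// the class, whether or not the aspect can see private methods. This also
// behaves correctly under the default PROXY mode.
@Service
class HardenedPayoutService {

    @PreAuthorize("hasRole('ADMIN')")
    public void approve(long payoutId) {
        approveInternal(payoutId);
    }

    private void approveInternal(long payoutId) {
        // ... release funds (hypothetical business logic) ...
    }
}

// Regression check (JUnit 5 + spring-security-test). A caller without ROLE_ADMIN
// must be denied. Pointing the same test at VulnerablePayoutService on an
// affected release makes it fail, because the call goes through unchecked.
@SpringBootTest
class PayoutAuthorizationTest {

    @Autowired
    HardenedPayoutService service;

    @Test
    @WithMockUser(roles = "USER")
    void nonAdminIsDenied() {
        assertThrows(AccessDeniedException.class, () -> service.approve(42L));
    }
}
```

Two caveats when using this as a check: AspectJ mode enforces nothing unless the spring-security-aspects aspects are actually woven into the classes (verify weaving in the build or agent configuration before trusting a passing test), and a test of the vulnerable class that passes on a fixed release says nothing about the affected one, so run it against the release the application actually ships.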

Fix

Weakness Enumeration

Protection Mechanism Failure

Related Identifiers

BDU:2025-05948
CVE-2025-41232
GHSA-9PP5-9C7G-4R83

Affected Products

Spring Security Aspects