AI description
CVE-2025-41243 is a vulnerability in Spring Cloud Gateway Server WebFlux that allows attackers to modify Spring Environment properties through the Spring Expression Language (SpEL). Disclosed on September 8, 2025, the vulnerability exists when an application uses Spring Cloud Gateway Server WebFlux, includes the Spring Boot actuator as a dependency, enables the Gateway Server WebFlux actuator web endpoint via `management.endpoints.web.exposure.include=gateway`, and exposes unsecured actuator endpoints. Successful exploitation of this vulnerability can allow attackers to manipulate sensitive Spring Environment properties. The vulnerability is due to the `GatewayEvaluationContext` constructor not disabling property assignment in the SpEL `EvaluationContext`, which could allow a crafted SpEL expression to modify application properties. To mitigate this, users are advised to upgrade to patched versions or secure their actuator endpoints.
- Description: Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true:
  - The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable).
  - Spring Boot actuator is a dependency.
  - The Spring Cloud Gateway Server Webflux actuator web endpoint is enabled via `management.endpoints.web.exposure.include=gateway`.
  - The actuator endpoints are available to attackers.
  - The actuator endpoints are unsecured.
- Source: security@vmware.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 10
- Impact score: 6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
- security@vmware.com: CWE-94
CVE-2025-41243 PoC for SpEL property modification using Spring Cloud Gateway Server https://t.co/PZFJEDaoul
@Dinosn
26 Sept 2025
My PoC is out there, or what it is supposed to represent if CVSS score 10.0 on CVE-2025-41243: Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux. At least property modification within its route context is possible https://t.co/WmelNOH9N0
@psytester1
24 Sept 2025
🗣️ PoC Released for CVE-2025-41243 – A Spring Cloud Gateway Flaw with CVSS 10.0 https://t.co/6Vmk7EMQV0
@fridaysecurity
22 Sept 2025
A critical flaw (CVE-2025-41243) in Spring Cloud Gateway with a CVSS 10.0 score allows unauthenticated RCE via SpEL injection. A PoC has been released. #SpringCloud #Vulnerability #Cybersecurity #SpEL #RCE https://t.co/RSI8J65ADa
@the_yellow_fall
22 Sept 2025
CVE-2025-41243 Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the follow… https://t.co/7KxOMowaqj
@CVEnew
19 Sept 2025
[CVE-2025-41243: CRITICAL] Beware of cyber threats targeting Spring Cloud Gateway Server Webflux. Vulnerabilities arise from Spring Environment property modification and open actuator endpoints to attackers. #cve, CVE-2025-41243, #cybersecurity https://t.co/Z1rxfE5T0E https://t.co/h
@CveFindCom
16 Sept 2025
CVE-2025-41243 – Spring Cloud Gateway WebFlux Actuator Property Modification Vulnerability Analysis Report — By CyberDudeBivash View the full report on ............ https://t.co/NaTbJ35iuO https://t.co/Fbl8acNjbI
@Iambivash007
9 Sept 2025