- Description
- The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization bypass. Your application may be affected by this if you are using Spring Security's @EnableMethodSecurity feature. You are not affected by this if you are not using @EnableMethodSecurity or if you do not use security annotations on methods in generic superclasses or generic interfaces. This CVE is published in conjunction with CVE-2025-41249 (https://spring.io/security/cve-2025-41249).
- Source
- security@vmware.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
- CWE-289
- Hype score
- Not currently trending
CVE-2025-41248 (CVSS:7.5, HIGH) is Awaiting Analysis. The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarch..https://t.co/tGah2qZRVu #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
21 Sept 2025
⚠️Vulnerabilities in Spring products ❗CVE-2025-41248 ❗CVE-2025-41249 ➡️More info: https://t.co/A7PjBE0631 https://t.co/w7JS10Xcvl
@CERTpy
19 Sept 2025
Alert: Critical vulnerabilities CVE-2025-41248 & CVE-2025-41249 in Spring Framework & Security may allow unauthorized access. Upgrade now to protect your applications. Link: https://t.co/yu7Z3Xnu1R #Vulnerabilities #Security #Upgrade #Protection #Applications #CVE #Framew
@dailytechonx
16 Sept 2025
🚨🚨Spring Security & Framework ALERT! CVE-2025-41248: Spring Security method security annotation bypass on parameterized types. CVE-2025-41249: Spring Framework annotation detection flaw in type hierarchies. ZoomEye Dork👉app="Spring Framework" || app=" Spring Secu
@zoomeye_team
16 Sept 2025
🚨Alert🚨CVE-2025-41248 & CVE-2025-41249:Spring Framework and Spring Security Vulnerabilities Expose Authorization Bypass Risks CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types CVE-2025-41249: Spring Framework Ann
@HunterMapping
16 Sept 2025
⚠️⚠️ CVE-2025-41248 & CVE-2025-41249: Spring Framework and Spring Security Vulnerabilities Expose Authorization Bypass Risks 🎯58k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link: https://t.co/kh9YbvMu2n FOFA Query:app="Spring-Security"
@fofabot
16 Sept 2025
🍃 Spring Security and Spring Framework have released joint fixes for CVE-2025-41248 and CVE-2025-41249. Please upgrade your Spring Security and Spring Framework dependencies accordingly. https://t.co/LzCctlrVGd
@sam_brannen
15 Sept 2025