AI description
CVE-2025-41249 is a vulnerability in the Spring Framework related to annotation detection. The flaw occurs when the framework incorrectly resolves annotations on methods within type hierarchies that have a parameterized super type with unbounded generics. This can lead to issues when these annotations are used for authorization decisions. This vulnerability affects applications using Spring Security's `@EnableMethodSecurity` feature. If an application does not use `@EnableMethodSecurity` or doesn't utilize security annotations on methods in generic superclasses or interfaces, it is not affected.
- Description
- The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by this if you are using Spring Security's @EnableMethodSecurity feature. You are not affected by this if you are not using @EnableMethodSecurity or if you do not use security annotations on methods in generic superclasses or generic interfaces. This CVE is published in conjunction with CVE-2025-41248 (https://spring.io/security/cve-2025-41248).
- Source
- security@vmware.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-285
- Hype score
- Not currently trending
CVE-2025-41249 (CVSS:7.5, HIGH) is Awaiting Analysis. The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarc..https://t.co/3RwCzzAWD1 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
21 Sept 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilities in Spring products ❗CVE-2025-41248 ❗CVE-2025-41249 ➡️More info: https://t.co/A7PjBE0631 https://t.co/w7JS10Xcvl
@CERTpy
19 Sept 2025
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Alert: Critical vulnerabilities CVE-2025-41248 & CVE-2025-41249 in Spring Framework & Security may allow unauthorized access. Upgrade now to protect your applications. Link: https://t.co/yu7Z3Xnu1R #Vulnerabilities #Security #Upgrade #Protection #Applications #CVE #Framew
@dailytechonx
16 Sept 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨Spring Security & Framework ALERT! CVE-2025-41248: Spring Security method security annotation bypass on parameterized types. CVE-2025-41249: Spring Framework annotation detection flaw in type hierarchies. ZoomEye Dork👉app="Spring Framework" || app=" Spring Secu
@zoomeye_team
16 Sept 2025
1449 Impressions
3 Retweets
9 Likes
3 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨CVE-2025-41248 & CVE-2025-41249:Spring Framework and Spring Security Vulnerabilities Expose Authorization Bypass Risks CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types CVE-2025-41249: Spring Framework Ann
@HunterMapping
16 Sept 2025
5486 Impressions
17 Retweets
74 Likes
32 Bookmarks
1 Reply
0 Quotes
⚠️⚠️ CVE-2025-41248 & CVE-2025-41249: Spring Framework and Spring Security Vulnerabilities Expose Authorization Bypass Risks 🎯58k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link: https://t.co/kh9YbvMu2n FOFA Query:app="Spring-Security"
@fofabot
16 Sept 2025
1376 Impressions
2 Retweets
22 Likes
7 Bookmarks
0 Replies
0 Quotes
🍃 Spring Security and Spring Framework have released joint fixes for CVE-2025-41248 and CVE-2025-41249. Please upgrade your Spring Security and Spring Framework dependencies accordingly. https://t.co/LzCctlrVGd
@sam_brannen
15 Sept 2025
2296 Impressions
7 Retweets
23 Likes
6 Bookmarks
0 Replies
0 Quotes