CVE-2025-41253

Published Oct 16, 2025

Last updated 3 months ago

CVSS high 7.5
Webflux
Spring

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-41253 affects Spring Cloud Gateway Server Webflux applications. It involves the potential exposure of environment variables and system properties through the use of Spring Expression Language (SpEL) in application routes. The vulnerability arises when an admin or an untrusted third party uses SpEL to access these variables and properties via routes. Specifically, the vulnerability can be triggered if the Spring Cloud Gateway Server Webflux actuator web endpoint is enabled and accessible without authentication. An attacker could then create or modify routes via the actuator endpoint, injecting SpEL expressions to access sensitive beans like `@systemProperties` and `@systemEnvironment`. This could allow the attacker to read sensitive information, including authentication tokens, API keys, and database credentials, from the application's runtime environment.

Description
The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true:

* The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable).
* An admin or untrusted third party is using Spring Expression Language (SpEL) to access environment variables or system properties via routes.
* An untrusted third party could create a route that uses SpEL to access environment variables or system properties if:
  * The Spring Cloud Gateway Server Webflux actuator web endpoint is enabled via `management.endpoints.web.exposure.include=gateway` and `management.endpoint.gateway.enabled=true` or `management.endpoint.gateway.access=unrestricted`.
  * The actuator endpoints are available to attackers.
  * The actuator endpoints are unsecured.
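
An added example, not part of the advisory or of Spring's own code: a Python check that reads `application.properties`-style text and reports the actuator settings the Description lists as the exposure precondition. It cannot tell whether the endpoints are reachable or secured, which still has to be verified separately. The function names and sample configurations are constructed for illustration, and treating `*` as covering `gateway` is an assumption based on Spring Boot's wildcard, which the page does not mention.

```python
import re

INCLUDE_KEY = "management.endpoints.web.exposure.include"
ENABLED_KEY = "management.endpoint.gateway.enabled"
ACCESS_KEY = "management.endpoint.gateway.access"
# key=value or key: value; lines starting with '#' or '!' are comments.
PROP = re.compile(r"^\s*([^#!\s=:][^=:]*?)\s*[=:]\s*(.*?)\s*$")

def parse_properties(text):
    """Parse simple single-line properties into a dict with lowercased keys."""
    props = {}
    for line in text.splitlines():
        m = PROP.match(line)
        if m:
            props[m.group(1).lower()] = m.group(2)
    return props

def gateway_actuator_findings(text):
    """Return the settings that together expose the gateway actuator endpoint."""
    props = parse_properties(text)
    exposed = [v.strip().lower() for v in props.get(INCLUDE_KEY, "").split(",")]
    # Assumption: "*" is Spring Boot's wildcard for every endpoint.
    web_exposed = "gateway" in exposed or "*" in exposed
    enabled = props.get(ENABLED_KEY, "").lower() == "true"
    unrestricted = props.get(ACCESS_KEY, "").lower() == "unrestricted"
    if not (web_exposed and (enabled or unrestricted)):
        return []
    findings = [f"{INCLUDE_KEY}={props[INCLUDE_KEY]}"]
    if enabled:
        findings.append(f"{ENABLED_KEY}=true")
    if unrestricted:
        findings.append(f"{ACCESS_KEY}=unrestricted")
    return findings

# Constructed sample configurations, not taken from any real deployment.
EXPOSED_SAMPLE = (
    "management.endpoints.web.exposure.include=health,gateway\n"
    "management.endpoint.gateway.access=unrestricted\n"
)
SAFE_SAMPLE = (
    "management.endpoints.web.exposure.include=health,info\n"
    "management.endpoint.gateway.enabled=true\n"
)

if __name__ == "__main__":
    for name, sample in (("exposed", EXPOSED_SAMPLE), ("safe", SAFE_SAMPLE)):
        print(name, gateway_actuator_findings(sample) or "no gateway exposure")
```
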
Source
security@vmware.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Weaknesses

security@vmware.com
CWE-917

Social media

  1. #VulnerabilityReport #CSRF Spring Patches Two Flaws: SpEL Injection (CVE-2025-41253) Leaks Secrets, STOMP CSRF Bypasses WebSocket Security https://t.co/wVXbhjH0ID

    @Komodosec

    22 Nov 2025

  2. Finally my PoC is out for CVE-2025-41253 Using Spring Expression Language To Expose Environment Variables and System Properties https://t.co/J3wzJ1O4t1

    @psytester1

    10 Nov 2025

  3. ⚠️Vulnerability in Spring products ❗CVE-2025-41253 ➡️More info: https://t.co/4Hf5xHxOSb https://t.co/eR3qSY9AIm

    @CERTpy

    23 Oct 2025

  4. 🚨🚨Spring Patches Two Critical Flaws CVE-2025-41253: SpEL misuse in Spring Cloud Gateway (WebFlux) could expose environment variables and secrets. CVE-2025-41254: A vulnerability in Spring Framework's STOMP over WebSocket allows attackers to bypass CSRF and send unauthorized

    @zoomeye_team

    17 Oct 2025

  5. CVE-2025-41253 The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An… https://t.co/otZO92x109

    @CVEnew

    16 Oct 2025

  6. **CVE-2025-41253** is a high-severity security flaw affecting **Spring Cloud Gateway Server Webflux**. The vulnerability allows unauthenticated attackers to exploit Spring Expression Language (SpEL) expressions to access environment variables and system properties via maliciously

    @CveTodo

    16 Oct 2025
