CVE-2025-22235

Summary

EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed.

Your application may be affected by this if all the following conditions are met:

  • You use Spring Security
  • EndpointRequest.to() has been used in a Spring Security chain configuration
  • The endpoint which EndpointRequest references is disabled or not exposed via web
  • Your application handles requests to /null and this path needs protection

You are not affected if any of the following is true:

  • You don't use Spring Security
  • You don't use EndpointRequest.to()
  • The endpoint which EndpointRequest.to() refers to is enabled and is exposed
  • Your application does not handle requests to /null or this path does not need protection

Affected Software

VendorProductVersion RangeStatus
SpringSpring Boot2.7.x < 2.7.25affected
SpringSpring Boot3.1.x < 3.1.16affected
SpringSpring Boot3.2.x < 3.2.14affected
SpringSpring Boot3.3.x < 3.3.11affected
SpringSpring Boot3.4.x < 3.4.5affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References