CVE-2025-41235

Summary

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies.

Affected Software

VendorProductVersion RangeStatus
VMwareSpring cloud Gateway2.2.10.RELEASE - 4.2.2, 4.3.0-{M1, M2, RC1} < 4.3.0, 4.2.3, 4.1.8, 4.0.12, 3.1.10affected
VMwareSpring Cloud Gateway Server MVC4.1.7 - 4.2.2, 4.3.0-{M1, M2, RC1} < 4.3.0, 4.2.3, 4.1.8affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References