CVE-2025-41243

Summary

Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification.

An application should be considered vulnerable when all the following are true:

  • The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable).
  • Spring Boot actuator is a dependency.
  • The Spring Cloud Gateway Server Webflux actuator web endpoint is enabled via management.endpoints.web.exposure.include=gateway.
  • The actuator endpoints are available to attackers.
  • The actuator endpoints are unsecured.

Affected Software

VendorProductVersion RangeStatus
SpringCloud Gateway4.3.x < 4.3.1affected
SpringCloud Gateway4.2.x < 4.2.5affected
SpringCloud Gateway4.1.x, 4.0.x < 4.1.11affected
SpringCloud Gateway3.1.x < 3.1.11affected

Weaknesses

  • CWE-917: CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References