CNNVD-202506-1648 Information
CNNVD ID
CNNVD-202506-1648
Related CVE
- CNNVD Published: 2025-06-12
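Description (translated from Chinese)
VMware Spring Framework is an open-source Java and JavaEE application framework from VMware, Inc. (United States). The framework helps developers build high-quality applications. VMware Spring Framework versions 6.0.5 through 6.2.7 contain a security vulnerability caused by unsanitized user input in ContentDisposition.Builder#filename(String, Charset), which may lead to a reflected file download attack.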
Description (English)
VMware Spring Framework is an open-source Java and JavaEE application framework from VMware. The framework helps developers build high-quality applications. VMware Spring Framework versions 6.0.5 to 6.2.7 contain a security vulnerability that originates from unsanitized user input in ContentDisposition.Builder#filename(String, Charset), which may result in a reflected file download attack.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
VMware
Published
2025-06-12
Last Modified
2026-02-24
References
https://nvd.nist.gov/vuln/detail/CVE-2025-41234
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N&version=3.1
https://spring.io/security/cve-2025-41234
https://access.redhat.com/security/cve/cve-2025-41234
Patch
https://spring.io/security/cve-2025-41234