CNNVD-202509-2416 Information

CNNVD ID

CNNVD-202509-2416

CVE-2025-41248

  • CNNVD Published: 2025-09-16

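Description (translated from Chinese)

Spring Security is Spring's open-source security framework providing authentication and authorization. Spring Security contains a security vulnerability that stems from the annotation detection mechanism failing to correctly resolve annotations on methods in generic superclasses, which may lead to authorization bypass.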

Description (English)

Spring Security is an open-source security framework from Spring that provides authentication and authorization functions. Spring Security has a vulnerability in which the annotation detection mechanism cannot correctly resolve annotations on methods declared in generic superclasses, which may allow authorization to be bypassed.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Spring

Published

2025-09-16

Last Modified

2026-02-24

References

  • https://spring.io/security/cve-2025-41248
  • https://access.redhat.com/security/cve/cve-2025-41248
  • https://www.oracle.com/security-alerts/cpujan2026.html
  • https://vigilance.fr/vulnerability/Spring-Framework-ingress-filtrering-bypass-via-Annotation-Detection-48237

Patch

https://spring.io/security/cve-2025-41248
