CNNVD-202510-2357 Information
CNNVD ID
CNNVD-202510-2357
Related CVE
- CNNVD Published: 2025-10-16
Description (translated from Chinese)
Spring Framework is an open-source application development framework from Spring. Spring Framework versions 6.2.0 through 6.2.11, 6.1.0 through 6.1.23, 6.0.x through 6.0.29, and 5.3.0 through 5.3.45 contain a security vulnerability. The flaw stems from a possible security bypass in STOMP over WebSocket applications, which may allow unauthorized messages to be sent.
Description (English)
Spring Framework is an open-source application development framework from Spring. A security vulnerability in Spring Framework versions 6.2.0 through 6.2.11, 6.1.0 through 6.1.23, 6.0.x through 6.0.29, and 5.3.0 through 5.3.45 arises from a possible security bypass in STOMP over WebSocket applications, which may result in unauthorized messages being sent.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Spring
Published
2025-10-16
Last Modified
2026-02-24
References
https://spring.io/security/cve/2025-41254
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N&version=3.1
https://vigilance.fr/vulnerability/Spring-Framework-Cross-Site-Request-Forgery-via-STOMP-Over-WebSocket-48509
Patch
https://github.com/spring-projects/spring-framework/releases