CNNVD-202510-2359 Information

CNNVD ID

CNNVD-202510-2359

Related CVE

CVE-2025-41253

• CNNVD Published: 2025-10-16

Description (Chinese)

Spring Cloud Gateway Server Webflux是Spring开源的一个网关服务器。 Spring Cloud Gateway Server Webflux存在安全漏洞，该漏洞源于Spring Expression Language可能暴露环境变量和系统属性，可能导致信息泄露。

Description (English)

Spring Cloud Gateway Server Webflux is a gateway server for Spring Open. There is a security loophole in Spring Cloud Gateway Server Webflux, which stems from the potential exposure of Spring Express Language to environmental variables and system properties, which may lead to the disclosure of information.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Spring

Published

2025-10-16

Last Modified

2026-02-24

References

https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N&version=3.1 https://spring.io/security/cve/2025-41253

Patch

https://github.com/spring-cloud/spring-cloud-gateway/releases