CVE-2025-22223 Information

Description

Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. 

You are not affected if you are not using @EnableMethodSecurity or you do not have method security annotations on parameterized types or methods or all method security annotations are attached to target methods

Reference

https://spring.io/security/cve-2025-22223