Vulnerability-Lookup

WID-SEC-W-2025-0887

Vulnerability from csaf_certbund - Published: 2025-04-24 22:00 - Updated: 2025-11-25 23:00

Summary

VMware Tanzu Spring Boot: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Spring Boot ist ein Framework zur Entwicklung von Java Anwendungen. Spring Boot basiert auf dem Spring Framework.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in VMware Tanzu Spring Boot ausnutzen, um Sicherheitsvorkehrungen zu umgehen oder nicht näher beschriebene Auswirkungen zu erzielen.

Betroffene Betriebssysteme

- Linux - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Spring Boot ist ein Framework zur Entwicklung von Java Anwendungen. Spring Boot basiert auf dem Spring Framework.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in VMware Tanzu Spring Boot ausnutzen, um Sicherheitsvorkehrungen zu umgehen oder nicht n\u00e4her beschriebene Auswirkungen zu erzielen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0887 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0887.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0887 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0887"
      },
      {
        "category": "external",
        "summary": "Spring Boot Release Notes vom 2025-04-24",
        "url": "https://spring.io/blog/2025/04/24/spring-boot-CVE-2025-22235"
      },
      {
        "category": "external",
        "summary": "Spring Security Advisory CVE-2025-22235 vom 2025-04-24",
        "url": "https://spring.io/security/cve-2025-22235"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin - November 18 2025",
        "url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7252567 vom 2025-11-26",
        "url": "https://www.ibm.com/support/pages/node/7252567"
      }
    ],
    "source_lang": "en-US",
    "title": "VMware Tanzu Spring Boot: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
    "tracking": {
      "current_release_date": "2025-11-25T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-26T11:02:13.594+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-0887",
      "initial_release_date": "2025-04-24T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-04-24T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-11-18T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2025-11-25T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.0.2",
                "product": {
                  "name": "Atlassian Bitbucket \u003c10.0.2",
                  "product_id": "T048675"
                }
              },
              {
                "category": "product_version",
                "name": "10.0.2",
                "product": {
                  "name": "Atlassian Bitbucket 10.0.2",
                  "product_id": "T048675-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:10.0.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.19.25 (LTS)",
                "product": {
                  "name": "Atlassian Bitbucket \u003c8.19.25 (LTS)",
                  "product_id": "T048676"
                }
              },
              {
                "category": "product_version",
                "name": "8.19.25 (LTS)",
                "product": {
                  "name": "Atlassian Bitbucket 8.19.25 (LTS)",
                  "product_id": "T048676-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:8.19.25_%28lts%29"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.4.13 (LTS)",
                "product": {
                  "name": "Atlassian Bitbucket \u003c9.4.13 (LTS)",
                  "product_id": "T048677"
                }
              },
              {
                "category": "product_version",
                "name": "9.4.13 (LTS)",
                "product": {
                  "name": "Atlassian Bitbucket 9.4.13 (LTS)",
                  "product_id": "T048677-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:9.4.13_%28lts%29"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bitbucket"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM Operational Decision Manager",
            "product": {
              "name": "IBM Operational Decision Manager",
              "product_id": "T005180",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:operational_decision_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.7.25",
                "product": {
                  "name": "VMware Tanzu Spring Boot \u003c2.7.25",
                  "product_id": "T043156"
                }
              },
              {
                "category": "product_version",
                "name": "2.7.25",
                "product": {
                  "name": "VMware Tanzu Spring Boot 2.7.25",
                  "product_id": "T043156-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:vmware_tanzu:spring_boot:2.7.25"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.1.16",
                "product": {
                  "name": "VMware Tanzu Spring Boot \u003c3.1.16",
                  "product_id": "T043157"
                }
              },
              {
                "category": "product_version",
                "name": "3.1.16",
                "product": {
                  "name": "VMware Tanzu Spring Boot 3.1.16",
                  "product_id": "T043157-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:vmware_tanzu:spring_boot:3.1.16"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.2.14",
                "product": {
                  "name": "VMware Tanzu Spring Boot \u003c3.2.14",
                  "product_id": "T043158"
                }
              },
              {
                "category": "product_version",
                "name": "3.2.14",
                "product": {
                  "name": "VMware Tanzu Spring Boot 3.2.14",
                  "product_id": "T043158-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:vmware_tanzu:spring_boot:3.2.14"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.3.11",
                "product": {
                  "name": "VMware Tanzu Spring Boot \u003c3.3.11",
                  "product_id": "T043159"
                }
              },
              {
                "category": "product_version",
                "name": "3.3.11",
                "product": {
                  "name": "VMware Tanzu Spring Boot 3.3.11",
                  "product_id": "T043159-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:vmware_tanzu:spring_boot:3.3.11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.4.5",
                "product": {
                  "name": "VMware Tanzu Spring Boot \u003c3.4.5",
                  "product_id": "T043160"
                }
              },
              {
                "category": "product_version",
                "name": "3.4.5",
                "product": {
                  "name": "VMware Tanzu Spring Boot 3.4.5",
                  "product_id": "T043160-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:vmware_tanzu:spring_boot:3.4.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Spring Boot"
          }
        ],
        "category": "vendor",
        "name": "VMware Tanzu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-22235",
      "product_status": {
        "known_affected": [
          "T043157",
          "T043158",
          "T043159",
          "T043160",
          "T005180",
          "T048677",
          "T048676",
          "T043156",
          "T048675"
        ]
      },
      "release_date": "2025-04-24T22:00:00.000+00:00",
      "title": "CVE-2025-22235"
    }
  ]
}

CVE-2025-22235 (GCVE-0-2025-22235)

Vulnerability from cvelistv5 – Published: 2025-04-28 07:10 – Updated: 2025-05-16 23:03

Title

Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed

Summary

EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: * You use Spring Security * EndpointRequest.to() has been used in a Spring Security chain configuration * The endpoint which EndpointRequest references is disabled or not exposed via web * Your application handles requests to /null and this path needs protection You are not affected if any of the following is true: * You don't use Spring Security * You don't use EndpointRequest.to() * The endpoint which EndpointRequest.to() refers to is enabled and is exposed * Your application does not handle requests to /null or this path does not need protection

Severity ?

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-20 - Improper Input Validation

Assigner

vmware

References

URL

Tags

https://spring.io/security/cve-2025-22235

Impacted products

	Vendor	Product	Version
	Spring	Spring Boot	Affected: 2.7.x , < 2.7.25 (Enterprise Support Only) Affected: 3.1.x , < 3.1.16 (Enterprise Support Only) Affected: 3.2.x , < 3.2.14 (Enterprise Support Only) Affected: 3.3.x , < 3.3.11 (OSS) Affected: 3.4.x , < 3.4.5 (OSS)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-22235",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-28T16:16:38.622106Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-28T16:18:23.559Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-05-16T23:03:06.227Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250516-0010/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Spring Boot",
          "vendor": "Spring",
          "versions": [
            {
              "lessThan": "2.7.25",
              "status": "affected",
              "version": "2.7.x",
              "versionType": "Enterprise Support Only"
            },
            {
              "lessThan": "3.1.16",
              "status": "affected",
              "version": "3.1.x",
              "versionType": "Enterprise Support Only"
            },
            {
              "lessThan": "3.2.14",
              "status": "affected",
              "version": "3.2.x",
              "versionType": "Enterprise Support Only"
            },
            {
              "lessThan": "3.3.11",
              "status": "affected",
              "version": "3.3.x",
              "versionType": "OSS"
            },
            {
              "lessThan": "3.4.5",
              "status": "affected",
              "version": "3.4.x",
              "versionType": "OSS"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003ccode\u003eEndpointRequest.to()\u003c/code\u003e\u0026nbsp;creates a matcher for \u003ccode\u003enull/**\u003c/code\u003e\u0026nbsp;if the actuator endpoint, for which the \u003ccode\u003eEndpointRequest\u003c/code\u003e\u0026nbsp;has been created, is disabled or not exposed.\u003c/p\u003e\u003cp\u003eYour application may be affected by this if all the following conditions are met:\u003c/p\u003e\u003cul\u003e\u003cli\u003eYou use Spring Security\u003c/li\u003e\u003cli\u003e\u003ccode\u003eEndpointRequest.to()\u003c/code\u003e\u0026nbsp;has been used in a Spring Security chain configuration\u003c/li\u003e\u003cli\u003eThe endpoint which \u003ccode\u003eEndpointRequest\u003c/code\u003e\u0026nbsp;references is disabled or not exposed via web\u003c/li\u003e\u003cli\u003eYour application handles requests to \u003ccode\u003e/null\u003c/code\u003e\u0026nbsp;and this path needs protection\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eYou are not affected if any of the following is true:\u003c/p\u003e\u003cul\u003e\u003cli\u003eYou don\u0027t use Spring Security\u003c/li\u003e\u003cli\u003eYou don\u0027t use \u003ccode\u003eEndpointRequest.to()\u003c/code\u003e\u003c/li\u003e\u003cli\u003eThe endpoint which \u003ccode\u003eEndpointRequest.to()\u003c/code\u003e\u0026nbsp;refers to is enabled and is exposed\u003c/li\u003e\u003cli\u003eYour application does not handle requests to \u003ccode\u003e/null\u003c/code\u003e\u0026nbsp;or this path does not need protection\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
            }
          ],
          "value": "EndpointRequest.to()\u00a0creates a matcher for null/**\u00a0if the actuator endpoint, for which the EndpointRequest\u00a0has been created, is disabled or not exposed.\n\nYour application may be affected by this if all the following conditions are met:\n\n  *  You use Spring Security\n  *  EndpointRequest.to()\u00a0has been used in a Spring Security chain configuration\n  *  The endpoint which EndpointRequest\u00a0references is disabled or not exposed via web\n  *  Your application handles requests to /null\u00a0and this path needs protection\n\n\nYou are not affected if any of the following is true:\n\n  *  You don\u0027t use Spring Security\n  *  You don\u0027t use EndpointRequest.to()\n  *  The endpoint which EndpointRequest.to()\u00a0refers to is enabled and is exposed\n  *  Your application does not handle requests to /null\u00a0or this path does not need protection"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-28T07:10:35.370Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://spring.io/security/cve-2025-22235"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2025-22235",
    "datePublished": "2025-04-28T07:10:35.370Z",
    "dateReserved": "2025-01-02T04:30:06.832Z",
    "dateUpdated": "2025-05-16T23:03:06.227Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-0887

CVE-2025-22235 (GCVE-0-2025-22235)

Tags

Sightings

Nomenclature