Executive Summary

Informations
Name CVE-2025-22235 First vendor Publication 2025-04-28
Vendor Cve Last vendor Modification 2025-05-16

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed.

Your application may be affected by this if all the following conditions are met:

* You use Spring Security
* EndpointRequest.to()Â has been used in a Spring Security chain configuration
* The endpoint which EndpointRequest references is disabled or not exposed via web
* Your application handles requests to /null and this path needs protection

You are not affected if any of the following is true:

* You don't use Spring Security
* You don't use EndpointRequest.to()
* The endpoint which EndpointRequest.to()Â refers to is enabled and is exposed
* Your application does not handle requests to /null or this path does not need protection

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22235

Sources (Detail)

https://security.netapp.com/advisory/ntap-20250516-0010/
https://spring.io/security/cve-2025-22235
Source Url

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2025-05-27 02:55:32
  • First insertion