CVE-2025-41253
Spring Cloud Gateway Webflux SpEL Injection Vulnerability Allowing Exposure of Environment Variables
Description
The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: * The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable). * An admin or untrusted third party using Spring Expression Language (SpEL) to access environment variables or system properties via routes. * An untrusted third party could create a route that uses SpEL to access environment variables or system properties if: * The Spring Cloud Gateway Server Webflux actuator web endpoint is enabled via management.endpoints.web.exposure.include=gateway and management.endpoint.gateway.enabled=trueor management.endpoint.gateway.access=unrestricte. * The actuator endpoints are available to attackers. * The actuator endpoints are unsecured.
INFO
Published Date :
Oct. 16, 2025, 3:15 p.m.
Last Modified :
Oct. 16, 2025, 3:28 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
Affected Products
The following products are affected by CVE-2025-41253
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | dcf2e128-44bd-42ed-91e8-88f912c1401d | ||||
| CVSS 3.1 | HIGH | [email protected] |
Solution
- Disable Spring Cloud Gateway actuator endpoint.
- Avoid SpEL for accessing properties in routes.
- Restrict access to sensitive endpoints.
- Update Spring Cloud Gateway to a patched version.
Public PoC/Exploit Available at Github
CVE-2025-41253 has a 1 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-41253.
| URL | Resource |
|---|---|
| https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N&version=3.1 | |
| https://spring.io/security/cve/2025-41253 |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-41253 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-41253
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
个人漏洞研究知识库,用于积累和整理 CVE 漏洞分析、复现过程、漏洞特征说明、利用脚本及相关技术文档。包含漏洞复现指南、详细证明、完整漏洞说明等资料,便于学习和参考。
Shell Java Roff Makefile C Meson PowerShell C++ Batchfile Perl
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-41253 vulnerability anywhere in the article.
-
Daily CyberSecurity
Spring Patches Two Flaws: SpEL Injection (CVE-2025-41253) Leaks Secrets, STOMP CSRF Bypasses WebSocket Security
VMware Tanzu’s Spring team has released fixes for two vulnerabilities impacting Spring Cloud Gateway and the Spring Framework, one of which could allow attackers to expose sensitive environment variab ... Read more
-
Daily CyberSecurity
Critical ConnectWise Automate Flaw (CVE-2025-11492, CVSS 9.6) Allows RMM Agent Man-in-the-Middle Attack
ConnectWise has released a critical security update for its Automate remote monitoring and management (RMM) platform, addressing two high-severity vulnerabilities that could allow attackers to interce ... Read more
The following table lists the changes that have been made to the
CVE-2025-41253 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by [email protected]
Oct. 16, 2025
Action Type Old Value New Value Added Description The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: * The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable). * An admin or untrusted third party using Spring Expression Language (SpEL) to access environment variables or system properties via routes. * An untrusted third party could create a route that uses SpEL to access environment variables or system properties if: * The Spring Cloud Gateway Server Webflux actuator web endpoint is enabled via management.endpoints.web.exposure.include=gateway and management.endpoint.gateway.enabled=trueor management.endpoint.gateway.access=unrestricte. * The actuator endpoints are available to attackers. * The actuator endpoints are unsecured. Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Added CWE CWE-917 Added Reference https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N&version=3.1 Added Reference https://spring.io/security/cve/2025-41253