CVE ID : CVE-2025-22235
Published : April 28, 2025, 8:15 a.m. | 4 hours, 14 minutes ago
Description : EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed.
Your application may be affected by this if all the following conditions are met:
* You use Spring Security
* EndpointRequest.to() has been used in a Spring Security chain configuration
* The endpoint which EndpointRequest references is disabled or not exposed via web
* Your application handles requests to /null and this path needs protection
You are not affected if any of the following is true:
* You don’t use Spring Security
* You don’t use EndpointRequest.to()
* The endpoint which EndpointRequest.to() refers to is enabled and is exposed
* Your application does not handle requests to /null or this path does not need protection
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
