CVE
CVE-2025-22235
| CVE ID |
CVE-2025-22235
|
|---|---|
| CVSS Score |
7.3
|
| Operating System | |
| Affected Versions |
Spring Boot
|
| Patched Versions |
2.7.20-OL
|
| Patch Date |
|
| Last Updated Date | |
| Vector String |
Additional Information
NVD Listing: NVD - CVE-2025-22235
EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: * You use Spring Security * EndpointRequest.to() has been used in a Spring Security chain configuration * The endpoint which EndpointRequest references is disabled or not exposed via web * Your application handles requests to /null and this path needs protection You are not affected if any of the following is true: * You don't use Spring Security * You don't use EndpointRequest.to() * The endpoint which EndpointRequest.to() refers to is enabled and is exposed * Your application does not handle requests to /null or this path does not need protection