Platform
java
Component
spring-cloud/spring-cloud-gateway
Fixed in
4.3.1
4.2.5
4.1.11
3.1.11
CVE-2025-41243 describes a remote code execution (RCE) vulnerability affecting Spring Cloud Gateway Server Webflux versions 3.1.0 through 4.3.1. This vulnerability arises from the ability to modify Spring Environment properties through unsecured Spring Boot actuator endpoints. Exploitation requires the actuator web endpoint to be enabled and accessible, potentially allowing attackers to execute arbitrary code on the server. A fix is available in version 4.3.1.
The impact of CVE-2025-41243 is severe. Successful exploitation allows an attacker to execute arbitrary code within the context of the Spring Cloud Gateway application. This could lead to complete system compromise, including data exfiltration, denial of service, and further lateral movement within the network. The vulnerability's reliance on exposed actuator endpoints means that applications with misconfigured security settings are particularly vulnerable. The ability to modify environment properties provides a flexible attack surface, potentially bypassing traditional security controls. This vulnerability shares similarities with other Spring framework vulnerabilities where improper configuration of actuator endpoints has led to exploitation.
CVE-2025-41243 was publicly disclosed on September 16, 2025. The CVSS score is 10.0 (CRITICAL). Public proof-of-concept exploits are likely to emerge given the vulnerability's severity and the ease of exploitation with proper endpoint exposure. The vulnerability's impact is amplified by the widespread use of Spring Cloud Gateway in enterprise applications. It is not currently listed on CISA KEV, but its criticality warrants close monitoring.
Organizations deploying Spring Cloud Gateway in production environments, particularly those with misconfigured security settings or legacy applications that expose actuator endpoints without proper authentication, are at significant risk. Shared hosting environments where users have limited control over application configuration are also vulnerable.
• java / server: Monitor application logs for unusual environment property modifications or requests targeting actuator endpoints. Use jps to identify running Spring Cloud Gateway instances, then use netstat or ss to confirm which ports the gateway is listening on and therefore where its actuator endpoints are reachable.
jps -l | grep SpringCloudGateway
ss -tulnp | grep 8080   # or the port your gateway uses
• linux / server: Use journalctl to filter for errors or warnings related to Spring Cloud Gateway and actuator endpoints.
journalctl -u spring-cloud-gateway -f | grep -i actuator
• generic web: Use curl to probe for the existence of actuator endpoints (e.g., /actuator/gateway).
curl http://your-gateway-host/actuator/gateway
Disclosure
Exploit status
EPSS
2.78% (86th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-41243 is to upgrade to Spring Cloud Gateway version 4.3.1 or later. If upgrading is not immediately feasible, consider disabling the actuator endpoints by setting management.endpoints.web.exposure.include=none in your application configuration. Alternatively, restrict access to the actuator endpoints using authentication and authorization mechanisms, such as Spring Security. Implement a Web Application Firewall (WAF) with rules to block requests targeting the actuator endpoints. Monitor application logs for suspicious activity related to actuator endpoint access and environment property modifications. After upgrading, confirm the fix by attempting to access the actuator endpoint without valid credentials and verifying that access is denied.
Update Spring Cloud Gateway to version 4.3.1, 4.2.5, 4.1.11 or 3.1.11, or to a later release on your version branch. Ensure that the actuator endpoints are properly secured and are not reachable by unauthorized attackers. Consider disabling the 'gateway' endpoint if it is not required.
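The log monitoring recommended above, as an added example that is not part of the original advisory: a small Python scanner that parses common-format access-log lines and flags unauthenticated write requests to the Spring Boot actuator env, refresh and gateway endpoints, while downgrading requests that were rejected with 401/403. The sample log lines are constructed, and the common log format and the default /actuator base path are assumptions.

```python
import re

# Constructed sample access-log lines (not real traffic); 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = """\
10.0.0.5 - - [16/Sep/2025:10:01:02 +0000] "GET /actuator/health HTTP/1.1" 200 15
10.0.0.5 - - [16/Sep/2025:10:01:10 +0000] "GET /api/orders HTTP/1.1" 200 812
203.0.113.9 - - [16/Sep/2025:10:02:41 +0000] "GET /actuator/gateway/routes HTTP/1.1" 200 1034
203.0.113.9 - - [16/Sep/2025:10:02:43 +0000] "POST /actuator/env HTTP/1.1" 200 0
203.0.113.9 - - [16/Sep/2025:10:02:44 +0000] "POST /actuator/refresh HTTP/1.1" 200 2
198.51.100.7 - - [16/Sep/2025:10:03:00 +0000] "POST /actuator/env HTTP/1.1" 401 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
# Endpoints whose write operations change the running Environment or the gateway routes.
CONFIG_WRITE_PREFIXES = ("/actuator/env", "/actuator/refresh", "/actuator/gateway")

def classify(method, path, status):
    """Return (severity, reason) for an actuator request, or None for other traffic."""
    if not path.startswith("/actuator"):
        return None
    if status in ("401", "403"):
        return ("info", "actuator request rejected by authentication")
    if method in WRITE_METHODS and path.startswith(CONFIG_WRITE_PREFIXES):
        return ("high", "unauthenticated configuration change via actuator")
    if path.startswith("/actuator/gateway"):
        return ("medium", "gateway actuator endpoint reachable")
    if path == "/actuator/health":
        return ("info", "health probe")
    return ("medium", "actuator endpoint reachable")

def scan(log_text):
    """Parse access-log lines and return one finding per actuator request."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        verdict = classify(m["method"], m["path"], m["status"])
        if verdict is not None:
            findings.append({"ip": m["ip"], "method": m["method"], "path": m["path"],
                             "status": m["status"], "severity": verdict[0], "reason": verdict[1]})
    return findings

def sources_with_high_findings(findings):  # client addresses that achieved a high-severity action
    return sorted({f["ip"] for f in findings if f["severity"] == "high"})
```

Run scan() over your gateway's access log (or a journalctl export converted to the same format) and review any "high" finding, together with the source addresses reported by sources_with_high_findings().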
CVE-2025-41243 is a critical remote code execution vulnerability in Spring Cloud Gateway versions 3.1.0–4.3.1, allowing attackers to modify environment properties and potentially execute arbitrary code.
You are affected if you are using Spring Cloud Gateway versions 3.1.0 through 4.3.1 and have exposed, unsecured Spring Boot actuator endpoints.
Upgrade to Spring Cloud Gateway version 4.3.1 or later. Alternatively, disable actuator endpoints or restrict access using authentication and authorization.
While no active exploitation has been confirmed, the vulnerability's criticality and ease of exploitation suggest it is likely to be targeted.
Refer to the Spring Security website and Spring Blog for official advisories and updates related to CVE-2025-41243.