Platform: java
Component: spring-cloud/spring-cloud-gateway
Fixed in: 4.3.1, 4.2.5, 4.1.11, 3.1.11
CVE-2025-41243 describes a remote code execution (RCE) vulnerability affecting Spring Cloud Gateway Server Webflux versions 3.1.0 through 4.3.1. This vulnerability arises from the ability to modify Spring Environment properties through unsecured Spring Boot actuator endpoints. Exploitation requires the actuator web endpoint to be enabled and accessible, potentially allowing attackers to execute arbitrary code on the server. A fix is available in version 4.3.1.
The impact of CVE-2025-41243 is severe. Successful exploitation allows an attacker to execute arbitrary code within the context of the Spring Cloud Gateway application. This could lead to complete system compromise, including data exfiltration, denial of service, and further lateral movement within the network. The vulnerability's reliance on exposed actuator endpoints means that applications with misconfigured security settings are particularly vulnerable. The ability to modify environment properties provides a flexible attack surface, potentially bypassing traditional security controls. This vulnerability shares similarities with other Spring framework vulnerabilities where improper configuration of actuator endpoints has led to exploitation.
CVE-2025-41243 was publicly disclosed on September 16, 2025. The CVSS score is 10.0 (CRITICAL). Public proof-of-concept exploits are likely to emerge given the vulnerability's severity and the ease of exploitation with proper endpoint exposure. The vulnerability's impact is amplified by the widespread use of Spring Cloud Gateway in enterprise applications. It is not currently listed on CISA KEV, but its criticality warrants close monitoring.
Organizations deploying Spring Cloud Gateway in production environments, particularly those with misconfigured security settings or legacy applications that expose actuator endpoints without proper authentication, are at significant risk. Shared hosting environments where users have limited control over application configuration are also vulnerable.
• java / server: Monitor application logs for unusual environment property modifications or requests targeting actuator endpoints. Use jps to identify running Spring Cloud Gateway instances, then use netstat or ss to check which ports (and therefore which actuator endpoints) are exposed.
jps -l | grep SpringCloudGateway
ss -tulnp | grep 8080  # or the port your gateway uses
• linux / server: Use journalctl to filter for errors or warnings related to Spring Cloud Gateway and actuator endpoints.
journalctl -u spring-cloud-gateway -f | grep -i actuator
• generic web: Use curl to probe for the existence of actuator endpoints (e.g., /actuator/gateway).
curl http://your-gateway-host/actuator/gateway
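Detection logic for the log-monitoring step above, as an added example that is not part of this advisory: a POSIX shell script that runs awk over access-log lines and surfaces requests to actuator paths, separating write requests (the ones that could change environment properties) from read-only ones. The log format is assumed to be Common Log Format, as a reverse proxy in front of the gateway would write it; the sample lines, paths and addresses are constructed.

```shell
#!/usr/bin/env sh
# Added example (not from the advisory): flag access-log lines that touch
# Spring Boot actuator endpoints, the precondition for CVE-2025-41243.
# Assumes Common Log Format; the sample lines below are constructed.

SAMPLE_LOG='10.0.0.5 - - [16/Sep/2025:10:00:01 +0000] "GET /api/orders HTTP/1.1" 200 512
10.0.0.9 - - [16/Sep/2025:10:00:02 +0000] "GET /actuator/health HTTP/1.1" 200 15
203.0.113.7 - - [16/Sep/2025:10:00:03 +0000] "GET /actuator/gateway/routes HTTP/1.1" 200 840
203.0.113.7 - - [16/Sep/2025:10:00:04 +0000] "POST /actuator/env HTTP/1.1" 200 0
203.0.113.7 - - [16/Sep/2025:10:00:05 +0000] "POST /actuator/gateway/refresh HTTP/1.1" 200 0
10.0.0.5 - - [16/Sep/2025:10:00:06 +0000] "GET /api/orders HTTP/1.1" 200 498'

# Print only the log lines whose request path is under /actuator/, excluding
# the read-only health endpoint, which is routinely and legitimately exposed.
# In CLF, field 6 is the quoted method ("GET) and field 7 is the path.
actuator_hits() {
    printf '%s\n' "$1" | awk '
        $7 ~ "^/actuator(/|$)" && $7 !~ "^/actuator/health" { print }'
}

# Count write requests (POST/PUT/PATCH/DELETE) to actuator endpoints.
# Changing environment properties through the actuator is always a write,
# so a non-zero count here deserves an immediate look.
actuator_write_count() {
    actuator_hits "$1" | awk '$6 ~ /^"(POST|PUT|PATCH|DELETE)$/ { n++ } END { print n+0 }'
}

# Distinct source addresses that issued actuator write requests.
actuator_write_sources() {
    actuator_hits "$1" | awk '$6 ~ /^"(POST|PUT|PATCH|DELETE)$/ { print $1 }' | sort -u
}

# Run over the constructed sample; point this at your real log in practice,
# e.g. actuator_hits "$(cat /var/log/nginx/access.log)".
actuator_hits "$SAMPLE_LOG"
echo "actuator write requests: $(actuator_write_count "$SAMPLE_LOG")"
echo "sources of write requests: $(actuator_write_sources "$SAMPLE_LOG" | tr '\n' ' ')"
```

The health exclusion keeps load-balancer probes out of the output; the write/read split matters because a GET against /actuator/gateway is usually an operator inspecting routes, while a POST against an actuator path from an external address is exactly the pattern this vulnerability depends on.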
Exploit Status
EPSS: 2.78% (86th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-41243 is to upgrade to Spring Cloud Gateway version 4.3.1 or later. If upgrading is not immediately feasible, consider disabling the actuator endpoints by setting management.endpoints.web.exposure.include=none in your application configuration. Alternatively, restrict access to the actuator endpoints using authentication and authorization mechanisms, such as Spring Security. Implement a Web Application Firewall (WAF) with rules to block requests targeting the actuator endpoints. Monitor application logs for suspicious activity related to actuator endpoint access and environment property modifications. After upgrading, confirm the fix by attempting to access the actuator endpoint with unauthorized credentials and verifying that access is denied.
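The verification step at the end of the paragraph above, as an added example that is not part of this advisory: a POSIX shell script that asks an anonymous client's question of each actuator endpoint and maps the HTTP status to a verdict. The gateway URL, the endpoint list and the verdict names are assumptions; /actuator/gateway is the endpoint named on this page, and /actuator/env is the standard Spring Boot environment endpoint.

```shell
#!/usr/bin/env sh
# Added example (not from the advisory): confirm that a Spring Cloud Gateway
# no longer serves actuator endpoints to unauthenticated clients after the
# upgrade or the management.endpoints.web.exposure.include / Spring Security
# hardening described above. GATEWAY_URL and ENDPOINTS are assumptions.

GATEWAY_URL="${GATEWAY_URL:-http://your-gateway-host:8080}"
# /actuator/gateway comes from this page; /actuator/env is the standard
# Spring Boot environment endpoint; /actuator is the discovery page.
ENDPOINTS="/actuator /actuator/gateway /actuator/env"

# Map an HTTP status code to a verdict. For these endpoints, anything other
# than "denied" or "absent" means the mitigation is not in place.
classify_status() {
    case "$1" in
        200|201|202|204) echo "EXPOSED" ;;
        401|403)         echo "denied" ;;
        404)             echo "absent" ;;
        000|"")          echo "unreachable" ;;
        *)               echo "unexpected($1)" ;;
    esac
}

# Fetch the status code only, without following redirects and without
# sending credentials: the question is what an anonymous client receives.
probe() {
    curl -s -o /dev/null -w '%{http_code}' --max-time 5 "$GATEWAY_URL$1"
}

# Returns 0 when every endpoint is denied or absent, 1 otherwise.
check_gateway() {
    rc=0
    for ep in $ENDPOINTS; do
        code=$(probe "$ep")
        verdict=$(classify_status "$code")
        printf '%-20s %-4s %s\n' "$ep" "$code" "$verdict"
        case "$verdict" in
            denied|absent) ;;
            *) rc=1 ;;
        esac
    done
    return $rc
}

# Usage: sh check-actuator.sh https://gateway.example.internal
# Exit status 0 means no checked endpoint answered an anonymous request.
if [ "$#" -gt 0 ]; then
    GATEWAY_URL="$1"
    check_gateway
fi
```

A 404 on /actuator/gateway is what you should see after setting management.endpoints.web.exposure.include=none; a 401 or 403 is what you should see after putting Spring Security in front of the endpoints. A 200 from any of these paths means the property-modification surface is still reachable, whatever version is running, so the script exits non-zero to make it usable in a deployment pipeline.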
Update Spring Cloud Gateway to version 4.3.1, 4.2.5, 4.1.11 or 3.1.11, or later, as appropriate for the release line you run. Make sure the actuator endpoints are properly protected and not reachable by unauthenticated attackers. Consider disabling the 'gateway' endpoint if it is not needed.
CVE-2025-41243 is a critical remote code execution vulnerability in Spring Cloud Gateway versions 3.1.0–4.3.1, allowing attackers to modify environment properties and potentially execute arbitrary code.
You are affected if you are using Spring Cloud Gateway versions 3.1.0 through 4.3.1 and have exposed, unsecured Spring Boot actuator endpoints.
Upgrade to Spring Cloud Gateway version 4.3.1 or later. Alternatively, disable actuator endpoints or restrict access using authentication and authorization.
While no active exploitation has been confirmed, the vulnerability's criticality and ease of exploitation suggest it is likely to be targeted.
Refer to the Spring Security website and Spring Blog for official advisories and updates related to CVE-2025-41243.