CVE-2025-22223

{"id": "CVE-2025-22223", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@vmware.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-03-24T18:15:22.673", "references": [{"url": "https://spring.io/security/cve-2025-22223", "source": "security@vmware.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@vmware.com", "description": [{"lang": "en", "value": "CWE-290"}]}], "descriptions": [{"lang": "en", "value": "Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass.\u00a0\n\nYou are not affected if you are not using @EnableMethodSecurity, or\nyou do not have method security annotations on parameterized types or methods, or all method security annotations are attached to target methods"}, {"lang": "es", "value": "Es posible que Spring Security 6.4.0 - 6.4.3 no ubique correctamente las anotaciones de seguridad de m\u00e9todos en tipos o m\u00e9todos parametrizados. Esto puede provocar una omisi\u00f3n de autorizaci\u00f3n. Esto no se ve afectado si no utiliza @EnableMethodSecurity, si no tiene anotaciones de seguridad de m\u00e9todos en tipos o m\u00e9todos parametrizados, o si todas las anotaciones de seguridad de m\u00e9todos est\u00e1n asociadas a los m\u00e9todos de destino."}], "lastModified": "2025-03-27T16:45:46.410", "sourceIdentifier": "security@vmware.com"}