Medium severity 5.3 · GHSA Advisory · Published Mar 24, 2025 · Updated Apr 15, 2026
CVE-2025-22223
Description
Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass.
You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized types or methods, or all method security annotations are attached to target methods.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.springframework.security:spring-security-core (Maven) | >= 6.4.0, < 6.4.4 | 6.4.4 |
Affected products
- Range: >= 6.4.0, < 6.4.4
- osv-coords: 2 versions
- (no CPE) range: < 2.492.2-r2
- (no CPE) range: >= 6.4.0, < 6.4.4