VYPR
Medium severity 5.3 · NVD Advisory · Published Jan 22, 2026 · Updated Apr 15, 2026

CVE-2025-22234

Description

The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
org.springframework.security:spring-security-core (Maven) | >= 6.3.8, < 6.3.9 | 6.3.9
org.springframework.security:spring-security-core (Maven) | >= 6.4.4, < 6.4.5 | 6.4.5
