High severity8.6GHSA Advisory· Published May 30, 2025· Updated Apr 15, 2026
CVE-2025-41235
CVE-2025-41235
Description
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.springframework.cloud:spring-cloud-gateway-serverMaven | >= 4.2.0, < 4.2.3 | 4.2.3 |
org.springframework.cloud:spring-cloud-gateway-serverMaven | >= 4.1.0, < 4.1.8 | 4.1.8 |
org.springframework.cloud:spring-cloud-gateway-serverMaven | >= 4.0.0, <= 4.0.9 | — |
org.springframework.cloud:spring-cloud-gateway-serverMaven | < 3.1.10 | 3.1.10 |
org.springframework.cloud:spring-cloud-gateway-server-mvcMaven | >= 4.1.7, < 4.2.3 | 4.2.3 |
Affected products
3- Range: >= 4.1.7, < 4.2.3
- ghsa-coords2 versionspkg:maven/org.springframework.cloud/spring-cloud-gateway-serverpkg:maven/org.springframework.cloud/spring-cloud-gateway-server-mvc
>= 4.2.0, < 4.2.3+ 1 more
- (no CPE)range: >= 4.2.0, < 4.2.3
- (no CPE)range: >= 4.1.7, < 4.2.3
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-6j2q-c73v-97c5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-41235ghsaADVISORY
- spring.io/security/cve-2025-41235nvdWEB
News mentions
0No linked articles in our index yet.