High severity 8.6 · NVD Advisory · Published May 30, 2025 · Updated Apr 15, 2026

CVE-2025-41235


Description

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| org.springframework.cloud:spring-cloud-gateway-server (Maven) | >= 4.2.0, < 4.2.3 | 4.2.3 |
| org.springframework.cloud:spring-cloud-gateway-server (Maven) | >= 4.1.0, < 4.1.8 | 4.1.8 |
| org.springframework.cloud:spring-cloud-gateway-server (Maven) | >= 4.0.0, <= 4.0.9 | |
| org.springframework.cloud:spring-cloud-gateway-server (Maven) | < 3.1.10 | 3.1.10 |
| org.springframework.cloud:spring-cloud-gateway-server-mvc (Maven) | >= 4.1.7, < 4.2.3 | 4.2.3 |
