VYPR
High severity7.5GHSA Advisory· Published Sep 16, 2025· Updated Apr 15, 2026

CVE-2025-41248

CVE-2025-41248

Description

The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization bypass.

Your application may be affected by this if you are using Spring Security's @EnableMethodSecurity feature.

You are not affected by this if you are not using @EnableMethodSecurity or if you do not use security annotations on methods in generic superclasses or generic interfaces.

This CVE is published in conjunction with CVE-2025-41249 https://spring.io/security/cve-2025-41249 .

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.springframework.security:spring-security-coreMaven
>= 6.4.0, < 6.4.106.4.10
org.springframework.security:spring-security-coreMaven
>= 6.5.0, < 6.5.46.5.4

Affected products

49

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.