Maven package
org.springframework.cloud/spring-cloud-gateway-server
pkg:maven/org.springframework.cloud/spring-cloud-gateway-server
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-41253 | Hig | 7.5 | >= 4.3.0, < 4.3.2 | 4.3.2 | Oct 16, 2025 | The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: * The application is using Sprin | |
| CVE-2025-41235 | Hig | 8.6 | >= 4.2.0, < 4.2.3 | 4.2.3 | May 30, 2025 | Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies. |
- affected >= 4.3.0, < 4.3.2fixed 4.3.2
The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: * The application is using Sprin
- affected >= 4.2.0, < 4.2.3fixed 4.2.3
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies.