Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for Cloud Config by Spring

CERTFR-2025-AVI-0297

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans Spring Cloud Config. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Spring	Cloud Config	Cloud Config 4.1.x versions antérieures à 4.1.6
Spring	Cloud Config	Cloud Config versions antérieures à 3.1.10
Spring	Cloud Config	Cloud Config versions 4.2.x antérieures à 4.2.1
Spring	Cloud Config	Cloud Config versions 4.0.x antérieures à 4.0.10

References

Title

Publication Time

Tags

Bulletin de sécurité Spring cve-2025-22232

2025-04-07

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cloud Config 4.1.x versions ant\u00e9rieures \u00e0 4.1.6",
      "product": {
        "name": "Cloud Config",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Config versions ant\u00e9rieures \u00e0 3.1.10",
      "product": {
        "name": "Cloud Config",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Config versions 4.2.x ant\u00e9rieures \u00e0 4.2.1",
      "product": {
        "name": "Cloud Config",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Config versions 4.0.x ant\u00e9rieures \u00e0 4.0.10",
      "product": {
        "name": "Cloud Config",
        "vendor": {
          "name": "Spring",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-22232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22232"
    }
  ],
  "initial_release_date": "2025-04-09T00:00:00",
  "last_revision_date": "2025-04-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0297",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Spring Cloud Config. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Vuln\u00e9rabilit\u00e9 dans Spring Cloud Config",
  "vendor_advisories": [
    {
      "published_at": "2025-04-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2025-22232",
      "url": "https://spring.io/security/cve-2025-22232"
    }
  ]
}