{"uuid": "8369869a-10f1-49e0-b1cb-705fbe5e03c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22235", "type": "seen", "source": "https://t.me/cvedetector/23891", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22235 - Spring Security Endpoint Request Denial of Service (DoS)\", \n  \"Content\": \"CVE ID : CVE-2025-22235 \nPublished : April 28, 2025, 8:15 a.m. | 54\u00a0minutes ago \nDescription : EndpointRequest.to()\u00a0creates a matcher for null/**\u00a0if the actuator endpoint, for which the EndpointRequest\u00a0has been created, is disabled or not exposed.  \n  \nYour application may be affected by this if all the following conditions are met:  \n  \n  *  You use Spring Security  \n  *  EndpointRequest.to()\u00a0has been used in a Spring Security chain configuration  \n  *  The endpoint which EndpointRequest\u00a0references is disabled or not exposed via web  \n  *  Your application handles requests to /null\u00a0and this path needs protection  \n  \n  \nYou are not affected if any of the following is true:  \n  \n  *  You don't use Spring Security  \n  *  You don't use EndpointRequest.to()  \n  *  The endpoint which EndpointRequest.to()\u00a0refers to is enabled and is exposed  \n  *  Your application does not handle requests to /null\u00a0or this path does not need protection \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-28T11:33:09.000000Z"}