{"vulnerability": "CVE-2025-22235", "sightings": [{"uuid": "9d5eebe7-bb92-4ad9-9fb1-2f1c05e3fad0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22235", "type": "seen", "source": "https://bsky.app/profile/snicoll.be/post/3lnmplyg7ms23", "content": "", "creation_timestamp": "2025-04-25T07:36:27.054987Z"}, {"uuid": "33bfa411-8f24-4714-ac03-3425954e76f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22235", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lnony6qhj42b", "content": "", "creation_timestamp": "2025-04-26T02:12:41.852204Z"}, {"uuid": "6b45e610-942f-4a3b-b312-f2957f0a578a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22235", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnuhxjanxr2s", "content": "", "creation_timestamp": "2025-04-28T09:40:59.094425Z"}, {"uuid": "33e38361-2938-40e7-9599-9fbb345553f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22235", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114415227561670514", "content": "", "creation_timestamp": "2025-04-28T10:57:03.317085Z"}, {"uuid": "91af597e-d964-494b-9dd6-a3cda79eb998", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22235", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13663", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-22235\n\ud83d\udd25 CVSS Score: 7.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: EndpointRequest.to()\u00a0creates a matcher for null/**\u00a0if the actuator endpoint, for which the EndpointRequest\u00a0has been created, is disabled or not exposed.\n\nYour application may be affected by this if all the following conditions are met:\n\n  *  You use Spring Security\n  *  EndpointRequest.to()\u00a0has been used in a Spring Security chain configuration\n  *  The endpoint which EndpointRequest\u00a0references is disabled or not exposed via web\n  *  Your application handles requests to /null\u00a0and this path needs protection\n\n\nYou are not affected if any of the following is true:\n\n  *  You don't use Spring Security\n  *  You don't use EndpointRequest.to()\n  *  The endpoint which EndpointRequest.to()\u00a0refers to is enabled and is exposed\n  *  Your application does not handle requests to /null\u00a0or this path does not need protection\n\ud83d\udccf Published: 2025-04-28T07:10:35.370Z\n\ud83d\udccf Modified: 2025-04-28T07:10:35.370Z\n\ud83d\udd17 References:\n1. https://spring.io/security/cve-2025-22235", "creation_timestamp": "2025-04-28T08:10:50.000000Z"}, {"uuid": "9896c767-4650-4120-923e-65b03b631b98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22235", "type": "published-proof-of-concept", "source": "Telegram/opjiOOneFpadqYqN0qV4PAE3kRpAo7UluVD5MZZwTsLrBTk", "content": "", "creation_timestamp": "2025-08-21T15:00:13.000000Z"}, {"uuid": "8369869a-10f1-49e0-b1cb-705fbe5e03c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-22235", "type": "seen", "source": "https://t.me/cvedetector/23891", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-22235 - Spring Security Endpoint Request Denial of Service (DoS)\", \n  \"Content\": \"CVE ID : CVE-2025-22235 \nPublished : April 28, 2025, 8:15 a.m. | 54\u00a0minutes ago \nDescription : EndpointRequest.to()\u00a0creates a matcher for null/**\u00a0if the actuator endpoint, for which the EndpointRequest\u00a0has been created, is disabled or not exposed.  \n  \nYour application may be affected by this if all the following conditions are met:  \n  \n  *  You use Spring Security  \n  *  EndpointRequest.to()\u00a0has been used in a Spring Security chain configuration  \n  *  The endpoint which EndpointRequest\u00a0references is disabled or not exposed via web  \n  *  Your application handles requests to /null\u00a0and this path needs protection  \n  \n  \nYou are not affected if any of the following is true:  \n  \n  *  You don't use Spring Security  \n  *  You don't use EndpointRequest.to()  \n  *  The endpoint which EndpointRequest.to()\u00a0refers to is enabled and is exposed  \n  *  Your application does not handle requests to /null\u00a0or this path does not need protection \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-28T11:33:09.000000Z"}]}