CVE-2025-41248
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2025-41248. We'll provide specific mitigation strategies based on your environment and risk profile.
CVSS Score
V3.1Attack Vector Metrics
Impact Metrics
Description
The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization bypass.
Your application may be affected by this if you are using Spring Security's @EnableMethodSecurity feature.
You are not affected by this if you are not using @EnableMethodSecurity or if you do not use security annotations on methods in generic superclasses or generic interfaces.
This CVE is published in conjunction with CVE-2025-41249 https://spring.io/security/cve-2025-41249 .
Available Exploits
Related News
Affected Products
Social Media Intelligence
Real-time discussions and threat intelligence from social platforms
CVE-2025-41248 & CVE-2025-41249: Vulnerabilities in Spring Framework, Spring Security Lead to Authorization Bypass, Expose Sensitive Data Spring Framework is a lightweight Java framework widely used for building scalable enterprise applications. It is often used in conjunction with Spring Security to enforce authorization and method-level access controls. Because many... **CVEs:** CVE-2022-22965,CVE-2025-41248,CVE-2025-41249,cve-2025-41248,cve-2025-41249 …
🔥 Top 10 Trending CVEs (18/09/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-9708](https://nvd.nist.gov/vuln/detail/CVE-2025-9708)** - 📝 A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. …