Spring Cloud Gateway Archives • Daily CyberSecurity

Spring Patches Two Flaws: SpEL Injection (CVE-2025-41253) Leaks Secrets, STOMP CSRF Bypasses WebSocket Security Spring Data vulnerabilities Spring Cloud Config CVE-2026-22739 Spring Gateway SpEL, STOMP WebSocket CSRF Spring Security, vulnerability CVE-2024-38819 CVE-2025-41243 Spring Cloud Gateway, vulnerability

Do Son October 17, 2025

VMware Tanzu’s Spring team has released fixes for two vulnerabilities impacting Spring Cloud Gateway and the Spring...

Do Son September 22, 2025

Security researcher Ezzer17 published a clear, methodical write-up that walks through the root cause, the partial fixes,...

CVE-2025-41243 (CVSS 10): Critical Spring Cloud Gateway Server WebFlux Flaw Exposes Property Modification Risk Spring Data vulnerabilities Spring Cloud Config CVE-2026-22739 Spring Gateway SpEL, STOMP WebSocket CSRF Spring Security, vulnerability CVE-2024-38819 CVE-2025-41243 Spring Cloud Gateway, vulnerability

Do Son September 9, 2025

Spring has disclosed a critical vulnerability in Spring Cloud Gateway Server WebFlux that allows attackers to modify...

Do Son May 30, 2025

A newly disclosed vulnerability in Spring Cloud Gateway Server could expose applications to header spoofing and potential...