Description

The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations.

INFO

Published Date :

2026-01-22T21:02:23.992Z

Last Modified :

2026-01-22T21:27:13.558Z

Source :

vmware
AFFECTED PRODUCTS

The following products are affected by CVE-2025-22234 vulnerability.

Vendors Products
Spring
  • Spring
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-22234.

URL Resource
https://github.com/spring-projects/spring-security/commit/c1aa99fdd2113a232986e9c3a44673ae752de840 cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-22234 cve-icon
https://spring.io/security/cve-2025-22234/ cve-icon cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-22234 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact