Description

EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: * You use Spring Security * EndpointRequest.to() has been used in a Spring Security chain configuration * The endpoint which EndpointRequest references is disabled or not exposed via web * Your application handles requests to /null and this path needs protection You are not affected if any of the following is true: * You don't use Spring Security * You don't use EndpointRequest.to() * The endpoint which EndpointRequest.to() refers to is enabled and is exposed * Your application does not handle requests to /null or this path does not need protection

INFO

Published Date :

2025-04-28T07:10:35.370Z

Last Modified :

2025-05-16T23:03:06.227Z

Source :

vmware
AFFECTED PRODUCTS

The following products are affected by CVE-2025-22235 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-22235.

URL Resource
https://github.com/advisories/GHSA-rc42-6c7j-7h5r cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-22235 cve-icon
https://security.netapp.com/advisory/ntap-20250516-0010/ cve-icon
https://spring.io/security/cve-2025-22235 cve-icon cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-22235 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact