Description

STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and VersionsSpring Framework: * 6.2.0 - 6.2.11 * 6.1.0 - 6.1.23 * 6.0.x - 6.0.29 * 5.3.0 - 5.3.45 * Older, unsupported versions are also affected. MitigationUsers of affected versions should upgrade to the corresponding fixed version. Affected version(s)Fix versionAvailability6.2.x6.2.12OSS6.1.x6.1.24 Commercial https://enterprise.spring.io/ 6.0.xN/A Out of support https://spring.io/projects/spring-framework#support 5.3.x5.3.46 Commercial https://enterprise.spring.io/ No further mitigation steps are necessary. CreditThis vulnerability was discovered and responsibly reported by Jannis Kaiser.

INFO

Published Date :

2025-10-16T14:48:37.350Z

Last Modified :

2025-10-16T16:10:14.510Z

Source :

vmware
AFFECTED PRODUCTS

The following products are affected by CVE-2025-41254 vulnerability.

Vendors Products
Vmware
  • Spring Framework
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-41254.

URL Resource
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N&version=3.1 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-41254 cve-icon
https://spring.io/security/cve/2025-41254 cve-icon cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-41254 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact