Vulnerability in Spring Security

CVE-2025-41232

Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true:

* You are using @EnableMethod…

EPSS: 0.004 (57.8th percentile).

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Frequently asked questions

What is CVE-2025-41232?
CVE-2025-41232 is a critical-severity vulnerability in Spring Security. CVSS score: 9.1/10. Published 2025-05-21.
How severe is CVE-2025-41232?
Critical severity. CVSS v3 base score is 9.1 out of 10.
Is CVE-2025-41232 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.