Vmware Spring Framework
7 CVEs affecting Vmware Spring Framework. Latest disclosed: 2026-04-29. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-41249 | High | 7.5 | 2025-09-16 | The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type wi… |
CVE-2026-22740 | Medium | 6.5 | 2026-04-29 | A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain n… |
CVE-2025-41234 | Medium | 6.5 | 2025-06-12 | Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack… |
CVE-2025-41242 | Medium | 5.9 | 2025-08-18 | Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can… |
CVE-2026-22745 | Medium | 5.3 | 2026-04-29 | Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application can be vulner… |
CVE-2025-41254 | Medium | 4.3 | 2025-10-16 | STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and V… |
CVE-2026-22741 | Low | 3.1 | 2026-04-29 | Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when… |