Is org.springframework.security:spring-security-aspects affected by CVE-2025-41232?

Maven org.springframework.security:spring-security-aspects is affected in >=6.4.0 <6.4.6.

Is CVE-2025-41232 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.5%.

critical

CVE-2025-41232

Q: Is CVE-2025-41232 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.5%.

Maven · org.springframework.security:spring-security-aspects • Maven · org.springframework.security:spring-security-core

Summary

Spring Security authorization bypass for method security annotations on private methods

Severity: critical
EPSS: 0.5% (p40)
Also known as: GHSA-9pp5-9c7g-4r83#org.springframework.security:spring-security-aspects, GHSA-9pp5-9c7g-4r83#org.springframework.security:spring-security-core
Published: 2025-05-21

References

https://nvd.nist.gov/vuln/detail/CVE-2025-41232
https://github.com/spring-projects/spring-security/commit/bf2aaa1b1830e534ba651d422545ac08a115151b
https://github.com/spring-projects/spring-security/commit/c972de5369a1261ab674a3f5e3a80e8ce3e8cdfb

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.