Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@3.1.10
Typemaven
Namespaceorg.springframework.cloud
Namespring-cloud-gateway-server-webflux
Version3.1.10
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.2.5
Latest_non_vulnerable_version4.3.1
Affected_by_vulnerabilities
0
url VCID-1bzt-rfvg-cuan
vulnerability_id VCID-1bzt-rfvg-cuan
summary 
Spring Expression language property modification using Spring Cloud Gateway Server WebFlux
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification.

An application should be considered vulnerable when all the following are true:

*  The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable).
*  Spring Boot actuator is a dependency.
*  The Spring Cloud Gateway Server Webflux actuator web endpoint is enabled via management.endpoints.web.exposure.include=gateway.
*  The actuator endpoints are available to attackers.
*  The actuator endpoints are unsecured.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-41243
reference_id
reference_type
scores
0
value 0.06417
scoring_system epss
scoring_elements 0.91189
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-41243
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-41243
reference_id CVE-2025-41243
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-41243
2
reference_url https://spring.io/security/cve-2025-41243
reference_id CVE-2025-41243
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-09-17T03:55:50Z/
url https://spring.io/security/cve-2025-41243
3
reference_url https://github.com/advisories/GHSA-q2cj-h8fw-q4cc
reference_id GHSA-q2cj-h8fw-q4cc
reference_type
scores
url https://github.com/advisories/GHSA-q2cj-h8fw-q4cc
fixed_packages
0
url pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.2.5
purl pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.2.5
1
url pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.3.1
purl pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.3.1
aliases CVE-2025-41243, GHSA-q2cj-h8fw-q4cc
risk_score 0.1
exploitability 0.5
weighted_severity 0.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1bzt-rfvg-cuan
Fixing_vulnerabilities
Risk_score0.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@3.1.10