Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.3.1
Typemaven
Namespaceorg.springframework.cloud
Namespring-cloud-gateway-server-webflux
Version4.3.1
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1bzt-rfvg-cuan
vulnerability_id VCID-1bzt-rfvg-cuan
summary 
Spring Expression language property modification using Spring Cloud Gateway Server WebFlux
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification.

An application should be considered vulnerable when all the following are true:

*  The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable).
*  Spring Boot actuator is a dependency.
*  The Spring Cloud Gateway Server Webflux actuator web endpoint is enabled via management.endpoints.web.exposure.include=gateway.
*  The actuator endpoints are available to attackers.
*  The actuator endpoints are unsecured.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-41243
reference_id
reference_type
scores
0
value 0.06417
scoring_system epss
scoring_elements 0.91189
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-41243
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-41243
reference_id CVE-2025-41243
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-41243
2
reference_url https://spring.io/security/cve-2025-41243
reference_id CVE-2025-41243
reference_type
scores
url https://spring.io/security/cve-2025-41243
3
reference_url https://github.com/advisories/GHSA-q2cj-h8fw-q4cc
reference_id GHSA-q2cj-h8fw-q4cc
reference_type
scores
url https://github.com/advisories/GHSA-q2cj-h8fw-q4cc
fixed_packages
0
url pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.2.5
purl pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.2.5
1
url pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.3.1
purl pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.3.1
aliases CVE-2025-41243, GHSA-q2cj-h8fw-q4cc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1bzt-rfvg-cuan
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.3.1