Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.springframework.security/spring-security-core@6.4.6
Type maven
Namespace org.springframework.security
Name spring-security-core
Version 6.4.6
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.4.10
Latest_non_vulnerable_version 7.0.5
Affected_by_vulnerabilities
0
url VCID-b5bu-1gpr-5bbc
vulnerability_id VCID-b5bu-1gpr-5bbc
summary
Spring Security annotation detection mechanism has authorization bypass
The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization bypass.

Your application may be affected by this if you are using Spring Security's @EnableMethodSecurity feature.

You are not affected by this if you are not using @EnableMethodSecurity or if you do not use security annotations on methods in generic superclasses or generic interfaces.

This CVE is published in conjunction with CVE-2025-41249 (https://spring.io/security/cve-2025-41249).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-41248.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-41248.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-41248
reference_id
reference_type
scores
0
value 0.00057
scoring_system epss
scoring_elements 0.18033
published_at 2026-04-11T12:55:00Z
1
value 0.00057
scoring_system epss
scoring_elements 0.18017
published_at 2026-04-09T12:55:00Z
2
value 0.00057
scoring_system epss
scoring_elements 0.17956
published_at 2026-04-08T12:55:00Z
3
value 0.00057
scoring_system epss
scoring_elements 0.17869
published_at 2026-04-07T12:55:00Z
4
value 0.00057
scoring_system epss
scoring_elements 0.1817
published_at 2026-04-04T12:55:00Z
5
value 0.00057
scoring_system epss
scoring_elements 0.18117
published_at 2026-04-02T12:55:00Z
6
value 0.00062
scoring_system epss
scoring_elements 0.19029
published_at 2026-05-07T12:55:00Z
7
value 0.00062
scoring_system epss
scoring_elements 0.19118
published_at 2026-04-24T12:55:00Z
8
value 0.00062
scoring_system epss
scoring_elements 0.19109
published_at 2026-04-26T12:55:00Z
9
value 0.00062
scoring_system epss
scoring_elements 0.19064
published_at 2026-04-29T12:55:00Z
10
value 0.00062
scoring_system epss
scoring_elements 0.18948
published_at 2026-05-05T12:55:00Z
11
value 0.00065
scoring_system epss
scoring_elements 0.20163
published_at 2026-04-12T12:55:00Z
12
value 0.00065
scoring_system epss
scoring_elements 0.201
published_at 2026-04-21T12:55:00Z
13
value 0.00065
scoring_system epss
scoring_elements 0.20103
published_at 2026-04-18T12:55:00Z
14
value 0.00065
scoring_system epss
scoring_elements 0.20099
published_at 2026-04-16T12:55:00Z
15
value 0.00065
scoring_system epss
scoring_elements 0.20105
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-41248
2
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
3
reference_url https://github.com/spring-projects/spring-security/commit/d0f93fa6d8338149943ae640c53db07de827867f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/commit/d0f93fa6d8338149943ae640c53db07de827867f
4
reference_url https://github.com/spring-projects/spring-security/commit/e5694ac7b5e4394b920c6cab48b7bfbd871f84bd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/commit/e5694ac7b5e4394b920c6cab48b7bfbd871f84bd
5
reference_url https://github.com/spring-projects/spring-security/issues/17898
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/issues/17898
6
reference_url https://github.com/spring-projects/spring-security/issues/17899
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/issues/17899
7
reference_url https://github.com/spring-projects/spring-security/releases/tag/6.4.10
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/releases/tag/6.4.10
8
reference_url https://github.com/spring-projects/spring-security/releases/tag/6.5.4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/releases/tag/6.5.4
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2395723
reference_id 2395723
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2395723
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-41248
reference_id CVE-2025-41248
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-41248
11
reference_url https://spring.io/security/cve-2025-41248
reference_id CVE-2025-41248
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-16T19:27:50Z/
url https://spring.io/security/cve-2025-41248
12
reference_url https://github.com/advisories/GHSA-8v5q-rhf3-jphm
reference_id GHSA-8v5q-rhf3-jphm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8v5q-rhf3-jphm
13
reference_url https://access.redhat.com/errata/RHSA-2025:18028
reference_id RHSA-2025:18028
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18028
14
reference_url https://access.redhat.com/errata/RHSA-2025:22765
reference_id RHSA-2025:22765
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22765
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@6.4.10
purl pkg:maven/org.springframework.security/spring-security-core@6.4.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@6.4.10
1
url pkg:maven/org.springframework.security/spring-security-core@6.5.4
purl pkg:maven/org.springframework.security/spring-security-core@6.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@6.5.4
aliases CVE-2025-41248, GHSA-8v5q-rhf3-jphm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b5bu-1gpr-5bbc
Fixing_vulnerabilities
0
url VCID-n8yk-aw4d-7qda
vulnerability_id VCID-n8yk-aw4d-7qda
summary
Spring Security authorization bypass for method security annotations on private methods
Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass.

Your application may be affected by this if the following are true:

  *  You are using @EnableMethodSecurity(mode=ASPECTJ) and spring-security-aspects, and
  *  You have Spring Security method annotations on a private method

In that case, the target method may be able to be invoked without proper authorization.

You are not affected if:

  *  You are not using @EnableMethodSecurity(mode=ASPECTJ) or spring-security-aspects, or
  *  You have no Spring Security-annotated private methods
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-41232.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-41232.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-41232
reference_id
reference_type
scores
0
value 0.00351
scoring_system epss
scoring_elements 0.57498
published_at 2026-05-07T12:55:00Z
1
value 0.00351
scoring_system epss
scoring_elements 0.57513
published_at 2026-04-02T12:55:00Z
2
value 0.00351
scoring_system epss
scoring_elements 0.57534
published_at 2026-04-04T12:55:00Z
3
value 0.00351
scoring_system epss
scoring_elements 0.5751
published_at 2026-04-07T12:55:00Z
4
value 0.00351
scoring_system epss
scoring_elements 0.57563
published_at 2026-04-18T12:55:00Z
5
value 0.00351
scoring_system epss
scoring_elements 0.57566
published_at 2026-04-09T12:55:00Z
6
value 0.00351
scoring_system epss
scoring_elements 0.57582
published_at 2026-04-11T12:55:00Z
7
value 0.00351
scoring_system epss
scoring_elements 0.57561
published_at 2026-04-12T12:55:00Z
8
value 0.00351
scoring_system epss
scoring_elements 0.5754
published_at 2026-04-13T12:55:00Z
9
value 0.00351
scoring_system epss
scoring_elements 0.57567
published_at 2026-04-16T12:55:00Z
10
value 0.00351
scoring_system epss
scoring_elements 0.57544
published_at 2026-04-21T12:55:00Z
11
value 0.00351
scoring_system epss
scoring_elements 0.57502
published_at 2026-04-24T12:55:00Z
12
value 0.00351
scoring_system epss
scoring_elements 0.57522
published_at 2026-04-26T12:55:00Z
13
value 0.00351
scoring_system epss
scoring_elements 0.57501
published_at 2026-04-29T12:55:00Z
14
value 0.00351
scoring_system epss
scoring_elements 0.57452
published_at 2026-05-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-41232
2
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
3
reference_url https://github.com/spring-projects/spring-security/commit/bf2aaa1b1830e534ba651d422545ac08a115151b
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/commit/bf2aaa1b1830e534ba651d422545ac08a115151b
4
reference_url https://github.com/spring-projects/spring-security/commit/c972de5369a1261ab674a3f5e3a80e8ce3e8cdfb
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/commit/c972de5369a1261ab674a3f5e3a80e8ce3e8cdfb
5
reference_url https://github.com/spring-projects/spring-security/releases/tag/6.4.6
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/releases/tag/6.4.6
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-41232
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-41232
7
reference_url http://spring.io/security/cve-2025-41232
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-21T13:48:23Z/
url http://spring.io/security/cve-2025-41232
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2367758
reference_id 2367758
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2367758
9
reference_url https://github.com/advisories/GHSA-9pp5-9c7g-4r83
reference_id GHSA-9pp5-9c7g-4r83
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9pp5-9c7g-4r83
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-core@6.4.6
purl pkg:maven/org.springframework.security/spring-security-core@6.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b5bu-1gpr-5bbc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@6.4.6
aliases CVE-2025-41232, GHSA-9pp5-9c7g-4r83
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n8yk-aw4d-7qda
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@6.4.6