Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-1bzt-rfvg-cuan
Summary
Spring Expression language property modification using Spring Cloud Gateway Server WebFlux
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification.

An application should be considered vulnerable when all the following are true:

*  The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable).
*  Spring Boot actuator is a dependency.
*  The Spring Cloud Gateway Server Webflux actuator web endpoint is enabled via management.endpoints.web.exposure.include=gateway.
*  The actuator endpoints are available to attackers.
*  The actuator endpoints are unsecured.
Aliases
0
alias CVE-2025-41243
1
alias GHSA-q2cj-h8fw-q4cc
Fixed_packages
0
url pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.2.5
purl pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.2.5
1
url pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.3.1
purl pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.3.1
Affected_packages
0
url pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@3.1.0
purl pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bzt-rfvg-cuan
1
vulnerability VCID-q91x-cu9t-2uch
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@3.1.0
1
url pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@3.1.10
purl pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@3.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bzt-rfvg-cuan
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@3.1.10
2
url pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.0.0
purl pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bzt-rfvg-cuan
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.0.0
3
url pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.1.10
purl pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bzt-rfvg-cuan
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.1.10
4
url pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.2.0
purl pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bzt-rfvg-cuan
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.2.0
5
url pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.3.0
purl pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1bzt-rfvg-cuan
1
vulnerability VCID-q91x-cu9t-2uch
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.3.0
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-41243
reference_id
reference_type
scores
0
value 0.06417
scoring_system epss
scoring_elements 0.91189
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-41243
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-41243
reference_id CVE-2025-41243
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-41243
2
reference_url https://spring.io/security/cve-2025-41243
reference_id CVE-2025-41243
reference_type
scores
url https://spring.io/security/cve-2025-41243
3
reference_url https://github.com/advisories/GHSA-q2cj-h8fw-q4cc
reference_id GHSA-q2cj-h8fw-q4cc
reference_type
scores
url https://github.com/advisories/GHSA-q2cj-h8fw-q4cc
Weaknesses
0
cwe_id 94
name Improper Control of Generation of Code ('Code Injection')
description The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-1bzt-rfvg-cuan