Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.1.10
purl pkg:maven/org.springframework.cloud/spring-cloud-gateway-server-webflux@4.1.10
Tags Ghost
Next non-vulnerable version 4.3.1
Latest non-vulnerable version 4.3.1
Risk 0.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-1bzt-rfvg-cuan
Aliases:
CVE-2025-41243
GHSA-q2cj-h8fw-q4cc
Spring Expression language property modification using Spring Cloud Gateway Server WebFlux Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: * The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable). * Spring Boot actuator is a dependency. * The Spring Cloud Gateway Server Webflux actuator web endpoint is enabled via management.endpoints.web.exposure.include=gateway. * The actuator endpoints are available to attackers. * The actuator endpoints are unsecured.
4.2.5
Affected by 0 other vulnerabilities.
4.3.1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-30T21:04:05.277283+00:00 GitLab Importer Affected by VCID-1bzt-rfvg-cuan https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.cloud/spring-cloud-gateway-server-webflux/CVE-2025-41243.yml 38.6.0