Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.springframework.security/spring-security-aspects@6.4.2
Type maven
Namespace org.springframework.security
Name spring-security-aspects
Version 6.4.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.4.6
Latest_non_vulnerable_version 6.4.6
Affected_by_vulnerabilities
0
url VCID-n8yk-aw4d-7qda
vulnerability_id VCID-n8yk-aw4d-7qda
summary
Spring Security authorization bypass for method security annotations on private methods
Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass.

Your application may be affected by this if the following are true:

  *  You are using @EnableMethodSecurity(mode=ASPECTJ) and spring-security-aspects, and
  *  You have Spring Security method annotations on a private method
In that case, the target method may be able to be invoked without proper authorization.

You are not affected if:

  *  You are not using @EnableMethodSecurity(mode=ASPECTJ) or spring-security-aspects, or
  *  You have no Spring Security-annotated private methods
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-41232.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-41232.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-41232
reference_id
reference_type
scores
0
value 0.00351
scoring_system epss
scoring_elements 0.57498
published_at 2026-05-07T12:55:00Z
1
value 0.00351
scoring_system epss
scoring_elements 0.57513
published_at 2026-04-02T12:55:00Z
2
value 0.00351
scoring_system epss
scoring_elements 0.57534
published_at 2026-04-04T12:55:00Z
3
value 0.00351
scoring_system epss
scoring_elements 0.5751
published_at 2026-04-07T12:55:00Z
4
value 0.00351
scoring_system epss
scoring_elements 0.57563
published_at 2026-04-18T12:55:00Z
5
value 0.00351
scoring_system epss
scoring_elements 0.57566
published_at 2026-04-09T12:55:00Z
6
value 0.00351
scoring_system epss
scoring_elements 0.57582
published_at 2026-04-11T12:55:00Z
7
value 0.00351
scoring_system epss
scoring_elements 0.57561
published_at 2026-04-12T12:55:00Z
8
value 0.00351
scoring_system epss
scoring_elements 0.5754
published_at 2026-04-13T12:55:00Z
9
value 0.00351
scoring_system epss
scoring_elements 0.57567
published_at 2026-04-16T12:55:00Z
10
value 0.00351
scoring_system epss
scoring_elements 0.57544
published_at 2026-04-21T12:55:00Z
11
value 0.00351
scoring_system epss
scoring_elements 0.57502
published_at 2026-04-24T12:55:00Z
12
value 0.00351
scoring_system epss
scoring_elements 0.57522
published_at 2026-04-26T12:55:00Z
13
value 0.00351
scoring_system epss
scoring_elements 0.57501
published_at 2026-04-29T12:55:00Z
14
value 0.00351
scoring_system epss
scoring_elements 0.57452
published_at 2026-05-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-41232
2
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
3
reference_url https://github.com/spring-projects/spring-security/commit/bf2aaa1b1830e534ba651d422545ac08a115151b
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/commit/bf2aaa1b1830e534ba651d422545ac08a115151b
4
reference_url https://github.com/spring-projects/spring-security/commit/c972de5369a1261ab674a3f5e3a80e8ce3e8cdfb
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/commit/c972de5369a1261ab674a3f5e3a80e8ce3e8cdfb
5
reference_url https://github.com/spring-projects/spring-security/releases/tag/6.4.6
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/releases/tag/6.4.6
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-41232
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-41232
7
reference_url http://spring.io/security/cve-2025-41232
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-21T13:48:23Z/
url http://spring.io/security/cve-2025-41232
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2367758
reference_id 2367758
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2367758
9
reference_url https://github.com/advisories/GHSA-9pp5-9c7g-4r83
reference_id GHSA-9pp5-9c7g-4r83
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9pp5-9c7g-4r83
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-aspects@6.4.6
purl pkg:maven/org.springframework.security/spring-security-aspects@6.4.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-aspects@6.4.6
aliases CVE-2025-41232, GHSA-9pp5-9c7g-4r83
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n8yk-aw4d-7qda
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-aspects@6.4.2