Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-jeeg-btw1-5yaq
Vulnerability ID VCID-jeeg-btw1-5yaq
Aliases CVE-2025-41234
GHSA-6r3c-xf4w-jxjm
Summary Spring Framework vulnerable to a reflected file download (RFD) In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input. Specifically, an application is vulnerable when all the following are true: - The header is prepared with `org.springframework.http.ContentDisposition`. - The filename is set via `ContentDisposition.Builder#filename(String, Charset)`. - The value for the filename is derived from user-supplied input. - The application does not sanitize the user-supplied input. - The downloaded content of the response is injected with malicious commands by the attacker (see RFD paper reference for details). An application is not vulnerable if any of the following is true: - The application does not set a “Content-Disposition” response header. - The header is not prepared with `org.springframework.http.ContentDisposition`. - The filename is set via one of: - `ContentDisposition.Builder#filename(String)`, or - `ContentDisposition.Builder#filename(String, ASCII)` - The filename is not derived from user-supplied input. - The filename is derived from user-supplied input but sanitized by the application. - The attacker cannot inject malicious content in the downloaded content of the response.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-41234.json
epss 0.00294 https://api.first.org/data/v1/epss?cve=CVE-2025-41234
cvssv3.1 6.5 https://github.com/spring-projects/spring-framework
generic_textual MODERATE https://github.com/spring-projects/spring-framework
cvssv3.1 6.5 https://github.com/spring-projects/spring-framework/commit/f0e7b42704e6b33958f242d91bd690d6ef7ada9c
generic_textual MODERATE https://github.com/spring-projects/spring-framework/commit/f0e7b42704e6b33958f242d91bd690d6ef7ada9c
cvssv3.1 6.5 https://github.com/spring-projects/spring-framework/issues/35034
generic_textual MODERATE https://github.com/spring-projects/spring-framework/issues/35034
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2025-41234
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2025-41234
ssvc Track https://nvd.nist.gov/vuln/detail/CVE-2025-41234
cvssv3.1 6.5 https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N&version=3.1
ssvc Track https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N&version=3.1
cvssv3.1 6.5 https://spring.io/security/cve-2025-41234
generic_textual MODERATE https://spring.io/security/cve-2025-41234
ssvc Track https://spring.io/security/cve-2025-41234
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-41234.json
https://api.first.org/data/v1/epss?cve=CVE-2025-41234
https://github.com/spring-projects/spring-framework
https://github.com/spring-projects/spring-framework/commit/f0e7b42704e6b33958f242d91bd690d6ef7ada9c
https://github.com/spring-projects/spring-framework/issues/35034
2372578 https://bugzilla.redhat.com/show_bug.cgi?id=2372578
A:N&version=3.1 https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N&version=3.1
CVE-2025-41234 https://nvd.nist.gov/vuln/detail/CVE-2025-41234
CVE-2025-41234 https://spring.io/security/cve-2025-41234
GHSA-6r3c-xf4w-jxjm https://github.com/advisories/GHSA-6r3c-xf4w-jxjm
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-41234.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N Found at https://github.com/spring-projects/spring-framework
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N Found at https://github.com/spring-projects/spring-framework/commit/f0e7b42704e6b33958f242d91bd690d6ef7ada9c
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N Found at https://github.com/spring-projects/spring-framework/issues/35034
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-41234
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T14:03:20Z/ Found at https://nvd.nist.gov/vuln/detail/CVE-2025-41234
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N Found at https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N&version=3.1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T14:03:20Z/ Found at https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N&version=3.1
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N Found at https://spring.io/security/cve-2025-41234
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-13T14:03:20Z/ Found at https://spring.io/security/cve-2025-41234
Exploit Prediction Scoring System (EPSS)
Percentile 0.53031
EPSS Score 0.00294
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:24:12.608283+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-web/CVE-2025-41234.yml 38.6.0