{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-22233", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2025-01-02T04:29:59.191Z", "datePublished": "2025-05-16T19:14:07.500Z", "dateUpdated": "2025-05-17T02:37:03.191Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Spring Framework", "vendor": "Spring", "versions": [{"lessThanOrEqual": "6.2.6", "status": "affected", "version": "6.2.0", "versionType": "Framework"}, {"lessThanOrEqual": "6.1.19", "status": "affected", "version": "6.1.0", "versionType": "Framework"}, {"lessThanOrEqual": "6.0.27", "status": "affected", "version": "6.0.0", "versionType": "Enterprise Framework"}, {"lessThanOrEqual": "5.3.42", "status": "affected", "version": "5.3.0", "versionType": "Enterprise Framework"}, {"status": "unaffected", "version": "6.2.7", "versionType": "Framework"}, {"status": "unaffected", "version": "6.1.20", "versionType": "Framework"}, {"status": "unaffected", "version": "6.0.28", "versionType": "Enterprise Framework"}, {"status": "unaffected", "version": "5.3.43", "versionType": "Entrprise Framework"}]}], "datePublic": "2025-05-15T15:02:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks.<br><br><b>Affected Spring Products and Versions</b><br><br>Spring Framework:<br><ul><li>6.2.0 - 6.2.6<br></li><li>6.1.0 - 6.1.19<br></li><li>6.0.0 - 6.0.27<br></li><li>5.3.0 - 5.3.42</li><li>Older, unsupported versions are also affected</li></ul><br><b>Mitigation</b><br><br>Users of affected versions should upgrade to the corresponding fixed version.<br><br><table><tbody><tr><td>Affected version(s)</td><td>Fix Version&nbsp;</td><td>Availability&nbsp;</td></tr><tr><td>6.2.x<br></td><td> 6.2.7<br></td><td>OSS</td></tr><tr><td>6.1.x<br></td><td> 6.1.20<br></td><td>OSS</td></tr><tr><td>6.0.x<br></td><td> 6.0.28<br></td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://enterprise.spring.io/\">Commercial</a></td></tr><tr><td>5.3.x<br></td><td> 5.3.43<br></td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://enterprise.spring.io/\">Commercial</a></td></tr></tbody></table><br><span style=\"background-color: rgb(255, 255, 255);\">No further mitigation steps are necessary.</span><br><br><br>Generally, we recommend using a dedicated model object with properties only for data binding, or using constructor binding since constructor arguments explicitly declare what to bind together with turning off setter binding through the declarativeBinding flag. See the Model Design section in the reference documentation.<br><br>For setting binding, prefer the use of allowedFields (an explicit list) over disallowedFields.<br><br>Credit<br><br>This issue was responsibly reported by the TERASOLUNA Framework Development Team from NTT DATA Group Corporation.<br>"}], "value": "CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks.\n\nAffected Spring Products and Versions\n\nSpring Framework:\n * 6.2.0 - 6.2.6\n\n * 6.1.0 - 6.1.19\n\n * 6.0.0 - 6.0.27\n\n * 5.3.0 - 5.3.42\n * Older, unsupported versions are also affected\n\n\n\nMitigation\n\nUsers of affected versions should upgrade to the corresponding fixed version.\n\nAffected version(s)Fix Version\u00a0Availability\u00a06.2.x\n 6.2.7\nOSS6.1.x\n 6.1.20\nOSS6.0.x\n 6.0.28\n Commercial https://enterprise.spring.io/ 5.3.x\n 5.3.43\n Commercial https://enterprise.spring.io/ \nNo further mitigation steps are necessary.\n\n\nGenerally, we recommend using a dedicated model object with properties only for data binding, or using constructor binding since constructor arguments explicitly declare what to bind together with turning off setter binding through the declarativeBinding flag. See the Model Design section in the reference documentation.\n\nFor setting binding, prefer the use of allowedFields (an explicit list) over disallowedFields.\n\nCredit\n\nThis issue was responsibly reported by the TERASOLUNA Framework Development Team from NTT DATA Group Corporation."}], "impacts": [{"capecId": "CAPEC-137", "descriptions": [{"lang": "en", "value": "CAPEC-137: Parameter Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2025-05-16T19:14:07.500Z"}, "references": [{"url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N&version=3.1"}], "source": {"discovery": "UNKNOWN"}, "title": "Spring Framework DataBinder Case Sensitive Match Exception", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-17T02:36:53.736871Z", "id": "CVE-2025-22233", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-17T02:37:03.191Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-22233", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-17T02:36:53.736871Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-17T02:36:58.506Z"}}], "cna": {"title": "Spring Framework DataBinder Case Sensitive Match Exception", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-137", "descriptions": [{"lang": "en", "value": "CAPEC-137: Parameter Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Spring", "product": "Spring Framework", "versions": [{"status": "affected", "version": "6.2.0", "versionType": "Framework", "lessThanOrEqual": "6.2.6"}, {"status": "affected", "version": "6.1.0", "versionType": "Framework", "lessThanOrEqual": "6.1.19"}, {"status": "affected", "version": "6.0.0", "versionType": "Enterprise Framework", "lessThanOrEqual": "6.0.27"}, {"status": "affected", "version": "5.3.0", "versionType": "Enterprise Framework", "lessThanOrEqual": "5.3.42"}, {"status": "unaffected", "version": "6.2.7", "versionType": "Framework"}, {"status": "unaffected", "version": "6.1.20", "versionType": "Framework"}, {"status": "unaffected", "version": "6.0.28", "versionType": "Enterprise Framework"}, {"status": "unaffected", "version": "5.3.43", "versionType": "Entrprise Framework"}], "defaultStatus": "affected"}], "datePublic": "2025-05-15T15:02:00.000Z", "references": [{"url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N&version=3.1"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks.\n\nAffected Spring Products and Versions\n\nSpring Framework:\n * 6.2.0 - 6.2.6\n\n * 6.1.0 - 6.1.19\n\n * 6.0.0 - 6.0.27\n\n * 5.3.0 - 5.3.42\n * Older, unsupported versions are also affected\n\n\n\nMitigation\n\nUsers of affected versions should upgrade to the corresponding fixed version.\n\nAffected version(s)Fix Version\u00a0Availability\u00a06.2.x\n 6.2.7\nOSS6.1.x\n 6.1.20\nOSS6.0.x\n 6.0.28\n Commercial https://enterprise.spring.io/ 5.3.x\n 5.3.43\n Commercial https://enterprise.spring.io/ \nNo further mitigation steps are necessary.\n\n\nGenerally, we recommend using a dedicated model object with properties only for data binding, or using constructor binding since constructor arguments explicitly declare what to bind together with turning off setter binding through the declarativeBinding flag. See the Model Design section in the reference documentation.\n\nFor setting binding, prefer the use of allowedFields (an explicit list) over disallowedFields.\n\nCredit\n\nThis issue was responsibly reported by the TERASOLUNA Framework Development Team from NTT DATA Group Corporation.", "supportingMedia": [{"type": "text/html", "value": "CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks.<br><br><b>Affected Spring Products and Versions</b><br><br>Spring Framework:<br><ul><li>6.2.0 - 6.2.6<br></li><li>6.1.0 - 6.1.19<br></li><li>6.0.0 - 6.0.27<br></li><li>5.3.0 - 5.3.42</li><li>Older, unsupported versions are also affected</li></ul><br><b>Mitigation</b><br><br>Users of affected versions should upgrade to the corresponding fixed version.<br><br><table><tbody><tr><td>Affected version(s)</td><td>Fix Version&nbsp;</td><td>Availability&nbsp;</td></tr><tr><td>6.2.x<br></td><td> 6.2.7<br></td><td>OSS</td></tr><tr><td>6.1.x<br></td><td> 6.1.20<br></td><td>OSS</td></tr><tr><td>6.0.x<br></td><td> 6.0.28<br></td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://enterprise.spring.io/\">Commercial</a></td></tr><tr><td>5.3.x<br></td><td> 5.3.43<br></td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://enterprise.spring.io/\">Commercial</a></td></tr></tbody></table><br><span style=\"background-color: rgb(255, 255, 255);\">No further mitigation steps are necessary.</span><br><br><br>Generally, we recommend using a dedicated model object with properties only for data binding, or using constructor binding since constructor arguments explicitly declare what to bind together with turning off setter binding through the declarativeBinding flag. See the Model Design section in the reference documentation.<br><br>For setting binding, prefer the use of allowedFields (an explicit list) over disallowedFields.<br><br>Credit<br><br>This issue was responsibly reported by the TERASOLUNA Framework Development Team from NTT DATA Group Corporation.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2025-05-16T19:14:07.500Z"}}}, "cveMetadata": {"cveId": "CVE-2025-22233", "state": "PUBLISHED", "dateUpdated": "2025-05-17T02:37:03.191Z", "dateReserved": "2025-01-02T04:29:59.191Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2025-05-16T19:14:07.500Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks.\n\nAffected Spring Products and Versions\n\nSpring Framework:\n * 6.2.0 - 6.2.6\n\n * 6.1.0 - 6.1.19\n\n * 6.0.0 - 6.0.27\n\n * 5.3.0 - 5.3.42\n * Older, unsupported versions are also affected\n\n\n\nMitigation\n\nUsers of affected versions should upgrade to the corresponding fixed version.\n\nAffected version(s)Fix Version\u00a0Availability\u00a06.2.x\n 6.2.7\nOSS6.1.x\n 6.1.20\nOSS6.0.x\n 6.0.28\n Commercial https://enterprise.spring.io/ 5.3.x\n 5.3.43\n Commercial https://enterprise.spring.io/ \nNo further mitigation steps are necessary.\n\n\nGenerally, we recommend using a dedicated model object with properties only for data binding, or using constructor binding since constructor arguments explicitly declare what to bind together with turning off setter binding through the declarativeBinding flag. See the Model Design section in the reference documentation.\n\nFor setting binding, prefer the use of allowedFields (an explicit list) over disallowedFields.\n\nCredit\n\nThis issue was responsibly reported by the TERASOLUNA Framework Development Team from NTT DATA Group Corporation."}, {"lang": "es", "value": "La CVE-2024-38820 garantiz\u00f3 la conversi\u00f3n a min\u00fasculas, independiente de la configuraci\u00f3n regional, tanto para los patrones de disallowedFields configurados como para los nombres de los par\u00e1metros de solicitud. Sin embargo, a\u00fan existen casos en los que es posible omitir las comprobaciones de disallowedFields. Productos y versiones de Spring afectados: Spring Framework: * 6.2.0 - 6.2.6 * 6.1.0 - 6.1.19 * 6.0.0 - 6.0.27 * 5.3.0 - 5.3.42 * Las versiones anteriores sin soporte tambi\u00e9n se ven afectadas. Mitigaci\u00f3n: Los usuarios de las versiones afectadas deben actualizar a la versi\u00f3n corregida correspondiente. Versi\u00f3n(s) afectada(s) Versi\u00f3n de correcci\u00f3n Disponibilidad 6.2.x 6.2.7 OSS6.1.x 6.1.20 OSS6.0.x 6.0.28 Comercial https://enterprise.spring.io/ 5.3.x 5.3.43 Comercial https://enterprise.spring.io/ No se necesitan m\u00e1s medidas de mitigaci\u00f3n. En general, recomendamos usar un objeto de modelo dedicado con propiedades solo para el enlace de datos o usar el enlace del constructor, ya que los argumentos del constructor declaran expl\u00edcitamente qu\u00e9 enlazar junto con la desactivaci\u00f3n del enlace del establecedor a trav\u00e9s del indicador declarativeBinding. Consulte la secci\u00f3n Dise\u00f1o del modelo en la documentaci\u00f3n de referencia. Para el enlace de configuraci\u00f3n, prefiera el uso de allowedFields (una lista expl\u00edcita) en lugar de disallowedFields. Cr\u00e9dito Este problema fue reportado responsablemente por el equipo de desarrollo del marco TERASOLUNA de NTT DATA Group Corporation."}], "id": "CVE-2025-22233", "lastModified": "2025-05-19T13:35:20.460", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2025-05-16T20:15:22.143", "references": [{"source": "security@vmware.com", "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N&version=3.1"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@vmware.com", "type": "Secondary"}]}

{}

{}