Impact
The vulnerability is a SpEL injection flaw in Spring AI’s SimpleVectorStore component, where an unescaped user-supplied value is used as a filter expression key. An attacker can insert arbitrary Spring Expression Language code that the application then executes, giving the attacker complete code execution capabilities on the host system. The weakness is a form of expression language injection, a serious input validation failure that leads to full compromise.
Affected Systems
The affected product is Spring AI SimpleVectorStore. Versions predating 1.0.5 in the 1.0.x line and predating 1.1.4 in the 1.1.x line are impacted. Any deployment that directly uses SimpleVectorStore and passes user-controlled values as filter keys is vulnerable.
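A sketch of how an application can constrain filter keys before they are used to build a SimpleVectorStore filter, for deployments that accept keys from users. This is an added example, not code from Spring AI or from the advisory; the class name FilterKeyGuard, the allowed field names and the sample inputs are assumptions, and it uses only the JDK.

```java
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

// Hypothetical helper, not part of Spring AI: validates a filter key before it
// is used to build a metadata filter for SimpleVectorStore.
public final class FilterKeyGuard {

    // Plain metadata field names only: letters, digits, underscore; bounded length.
    private static final Pattern SAFE_KEY = Pattern.compile("[A-Za-z_][A-Za-z0-9_]{0,63}");

    // Assumed set of metadata fields this application lets callers filter on.
    private static final Set<String> ALLOWED_KEYS = Set.of("genre", "year", "author");

    private FilterKeyGuard() { }

    /** Returns the key unchanged if it is acceptable, otherwise throws. */
    public static String requireSafeKey(String key) {
        // Syntax check first: anything that is not a bare identifier is refused.
        if (key == null || !SAFE_KEY.matcher(key).matches()) {
            throw new IllegalArgumentException("filter key has illegal characters or length");
        }
        // Allowlist check second: a well-formed key must also be a known field.
        if (!ALLOWED_KEYS.contains(key)) {
            throw new IllegalArgumentException("filter key is not an allowed metadata field");
        }
        return key;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: two legitimate keys and three that must be rejected
        // (unknown field, key containing quote/bracket characters, key with whitespace).
        List<String> samples = List.of("genre", "year", "internal_score", "genre']", "a b");
        for (String s : samples) {
            try {
                System.out.println("accepted: " + requireSafeKey(s));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: [" + s + "] " + e.getMessage());
            }
        }
    }
}
```

A check like this narrows what reaches the filter expression; it does not replace moving to a release outside the affected version ranges listed above.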
Risk and Exploitability
The vulnerability carries a CVSS score of 9.8, indicating critical severity. EPSS indicates a probability of exploitation below 1%, and the vulnerability is not listed in the Known Exploited Vulnerabilities catalog, suggesting no publicly known exploitation yet. However, the attack vector is inferred to be remote and driven by user input, meaning attackers could exploit the flaw over a network or web interface without local access. Given the remote code execution consequence, the risk to affected systems is high and remediation is urgently recommended.