CVE-2025-41243
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification.
An application should be considered vulnerable when all the following are true:
- The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable).
- Spring Boot actuator is a dependency.
- The Spring Cloud Gateway Server Webflux actuator web endpoint is enabled via management.endpoints.web.exposure.include=gateway.
- The actuator endpoints are available to attackers.
- The actuator endpoints are unsecured.
| Software | From | Fixed in |
|---|---|---|
org.springframework.cloud / spring-cloud-gateway-server-webflux
|
3.1.0 | 3.1.10.x |
|
org.springframework.cloud / spring-cloud-gateway-server-webflux
|
4.0.0 | 4.1.10.x |
|
org.springframework.cloud / spring-cloud-gateway-server-webflux
|
4.2.0 | 4.2.5 |
|
org.springframework.cloud / spring-cloud-gateway-server-webflux
|
4.3.0 | 4.3.1 |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime