CVE-2025-22235
📋 TL;DR
This Spring Security vulnerability allows unauthorized access to /null endpoints when EndpointRequest.to() references actuator endpoints that are disabled or not exposed. Applications are affected if they configure Spring Security with EndpointRequest.to() and also serve /null requests that require protection.
💻 Affected Systems
- Spring Security
- Spring Boot Actuator
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers bypass authentication/authorization controls to access protected /null endpoints, potentially leading to data exposure or unauthorized actions.
Likely Case
Unauthorized access to /null endpoints that should be protected, potentially exposing sensitive information or functionality.
If Mitigated
No impact if /null endpoints don't exist or don't require protection, or if proper network segmentation prevents access.
🎯 Exploit Status
Exploitation requires knowledge of /null endpoints and their protection requirements. No public exploit code known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Spring Security 5.6.16, 5.7.15, 5.8.10, 6.0.10, 6.1.9, 6.2.4
Vendor Advisory: https://spring.io/security/cve-2025-22235
Restart Required: Yes
Instructions:
1. Update Spring Security dependency to patched version.
2. Update Spring Boot if using Spring Boot Actuator.
3. Restart application.
4. Verify /null endpoint protection works correctly.
🔧 Temporary Workarounds
Remove EndpointRequest.to() usage:
Replace EndpointRequest.to() with explicit security configurations for endpoints
Disable /null endpoint handling:
Ensure the application does not handle requests to the /null path
🧯 If You Can't Patch
- Implement network-level access controls to restrict access to /null endpoints
- Add application-level validation to reject requests to /null endpoints
🔍 How to Verify
Check if Vulnerable:
Check Spring Security configuration for EndpointRequest.to() usage and verify if referenced actuator endpoints are disabled/unexposed while /null endpoints require protection.
Check Version:
Check pom.xml or build.gradle for Spring Security version, or use: java -jar app.jar --version (if Spring Boot)
Verify Fix Applied:
After patching, test that /null endpoints are properly protected when referenced actuator endpoints are disabled/unexposed.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to /null endpoints
- Spring Security access denied exceptions for /null
Network Indicators:
- HTTP requests to /null endpoints bypassing authentication
SIEM Query:
source="application_logs" AND (uri_path="/null" OR endpoint="/null") AND (status="401" OR status="403")
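The SIEM query above catches denied attempts (401/403 on /null); a response that actually serves content on a /null path is the outcome this CVE describes, so a practitioner wants both flagged. The following Python script is an added example, not part of this advisory, that runs over constructed access-log lines and separates blocked attempts from possible bypasses; the combined log format and the treatment of /null/ subpaths are assumptions.

```python
import re
from collections import Counter

# Constructed sample access-log lines (combined-log style); not taken from any real system.
SAMPLE_LOG = """\
10.0.0.5 - - [01/May/2025:10:00:01 +0000] "GET /actuator/health HTTP/1.1" 200 15
10.0.0.9 - - [01/May/2025:10:00:02 +0000] "GET /null HTTP/1.1" 401 0
10.0.0.9 - - [01/May/2025:10:00:03 +0000] "GET /null HTTP/1.1" 200 512
10.0.0.9 - - [01/May/2025:10:00:04 +0000] "POST /null/admin HTTP/1.1" 403 0
10.0.0.12 - - [01/May/2025:10:00:05 +0000] "GET /nullable HTTP/1.1" 200 88
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def is_null_path(path):
    # Match exactly /null or anything under /null/ (subpath handling is an assumption);
    # strip any query string first. A path such as /nullable is not a hit.
    p = path.split('?', 1)[0]
    return p == '/null' or p.startswith('/null/')


def classify(line):
    """Return 'blocked', 'possible_bypass', 'other', or None for a non-/null line."""
    m = LOG_RE.match(line)
    if not m or not is_null_path(m['path']):
        return None
    status = int(m['status'])
    if status in (401, 403):
        return 'blocked'          # what the advisory's SIEM query already catches
    if 200 <= status < 300:
        return 'possible_bypass'  # content served on /null: the outcome the CVE describes
    return 'other'


def scan(log_text):
    """Count verdicts and collect the matching lines for review."""
    counts, hits = Counter(), []
    for line in log_text.splitlines():
        verdict = classify(line)
        if verdict:
            counts[verdict] += 1
            hits.append((verdict, line))
    return counts, hits


if __name__ == '__main__':
    counts, hits = scan(SAMPLE_LOG)
    for verdict, line in hits:
        print(f'{verdict:16} {line}')
    print(dict(counts))
```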