CVE-2025-41243
CRITICAL | NUCLEI
Spring Cloud Gateway Server Webflux - Spring Environment Property Modification
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all of the following are true:
* The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable).
* Spring Boot Actuator is a dependency.
* The Spring Cloud Gateway Server Webflux actuator web endpoint is enabled via management.endpoints.web.exposure.include=gateway (a wildcard, management.endpoints.web.exposure.include=*, exposes it as well).
* The actuator endpoints are available to attackers.
* The actuator endpoints are unsecured.
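The first three conditions above can be checked offline from the build's dependency coordinates and the application's properties. The script below is an added example for this page, not code from Spring, from the advisory or from the Nuclei template; the helper names (parse_properties, gateway_endpoint_exposed, triage) and the dependency lists and properties files it evaluates are constructed for illustration. It applies Spring Boot's actuator exposure rules (include list with "*" wildcard, exclude taking precedence, per-endpoint enabled flag) rather than only looking for the literal include=gateway string, and it shows the weak configuration next to a hardened one.

```python
"""Offline triage of the CVE-2025-41243 preconditions from build and config input.

Added example for this page; not code from Spring, the advisory or the Nuclei
template. Helper names and the sample inputs below are constructed for
illustration. Exposure is decided with Spring Boot's actuator rules:
  - management.endpoints.web.exposure.include  (default "health"; "*" means all)
  - management.endpoints.web.exposure.exclude  (takes precedence over include)
  - management.endpoint.gateway.enabled        (default: enabled-by-default)
  - management.endpoints.enabled-by-default    (default true)
"""
from dataclasses import dataclass

AFFECTED_ARTIFACT = "org.springframework.cloud:spring-cloud-gateway-server-webflux"
SAFE_SIBLING = "org.springframework.cloud:spring-cloud-gateway-server-webmvc"
ACTUATOR_ARTIFACTS = {
    "org.springframework.boot:spring-boot-starter-actuator",
    "org.springframework.boot:spring-boot-actuator",
}


def parse_properties(text: str) -> dict:
    """Minimal .properties reader: 'key=value' or 'key: value'; '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        sep = "=" if "=" in line else ":"
        if sep not in line:
            continue
        key, value = line.split(sep, 1)
        props[key.strip()] = value.strip()
    return props


def _csv(value: str) -> set:
    return {item.strip() for item in value.split(",") if item.strip()}


def _flag(props: dict, key: str, default: bool) -> bool:
    return props.get(key, str(default)).strip().lower() == "true"


def gateway_endpoint_exposed(props: dict) -> bool:
    """True when the actuator endpoint with id 'gateway' is exposed over HTTP."""
    enabled_default = _flag(props, "management.endpoints.enabled-by-default", True)
    if not _flag(props, "management.endpoint.gateway.enabled", enabled_default):
        return False
    include = _csv(props.get("management.endpoints.web.exposure.include", "health"))
    exclude = _csv(props.get("management.endpoints.web.exposure.exclude", ""))
    if "gateway" in exclude or "*" in exclude:
        return False
    return "gateway" in include or "*" in include


@dataclass
class Triage:
    affected_artifact: bool
    actuator_present: bool
    gateway_endpoint_exposed: bool

    @property
    def preconditions_met(self) -> bool:
        # The advisory's last two conditions (endpoints reachable by attackers and
        # unsecured) are runtime properties; confirm them against the deployment.
        return (self.affected_artifact and self.actuator_present
                and self.gateway_endpoint_exposed)


def triage(dependencies, properties_text: str) -> Triage:
    """dependencies: 'group:artifact[:...]' strings; anything after artifact is ignored."""
    coords = {":".join(dep.split(":")[:2]) for dep in dependencies}
    return Triage(
        affected_artifact=AFFECTED_ARTIFACT in coords,
        actuator_present=bool(coords & ACTUATOR_ARTIFACTS),
        gateway_endpoint_exposed=gateway_endpoint_exposed(parse_properties(properties_text)),
    )


# Constructed sample inputs (not real project data).
WEBFLUX_DEPS = [AFFECTED_ARTIFACT, "org.springframework.boot:spring-boot-starter-actuator"]
WEBMVC_DEPS = [SAFE_SIBLING, "org.springframework.boot:spring-boot-starter-actuator"]
VULNERABLE_PROPERTIES = """
spring.application.name=edge-gateway
management.endpoints.web.exposure.include=gateway,health
"""
HARDENED_PROPERTIES = """
spring.application.name=edge-gateway
# Keep the gateway endpoint off the web; exclude still wins if include later becomes '*'.
management.endpoints.web.exposure.include=health
management.endpoints.web.exposure.exclude=gateway
"""

if __name__ == "__main__":
    for label, text in (("vulnerable", VULNERABLE_PROPERTIES), ("hardened", HARDENED_PROPERTIES)):
        print(label, triage(WEBFLUX_DEPS, text))
```

A positive result means the build and configuration match the advisory's preconditions; whether the actuator endpoints are reachable and unauthenticated is a runtime question (for example, whether GET /actuator/gateway/routes answers without credentials) and should be verified against the deployed instance, as should upgrading the affected artifact.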
Exploits (1)
Nuclei Templates (1)
Spring Cloud Gateway Server Webflux - Broken Access Control
CRITICAL | VERIFIED | by Redmomn
FOFA:
((header="Server: Netty@SpringBoot" || (body="Whitelabel Error Page" && body="There was an unexpected error")) && body!="couchdb") || title="SpringBootAdmin-Server" || body="SpringBoot"
References (1)
Scores
CVSS v3: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS: 0.0241 (percentile 84.8%)
Attack Vector: NETWORK
Classification
CWE: CWE-917, CWE-94
Status: draft
Affected Products (1)
org.springframework.cloud/spring-cloud-gateway-server-webflux (Maven)
Timeline
Published: Sep 16, 2025
Tracked Since: Feb 18, 2026