Cloud Gateway
Approved changes feed: RSS · Atom
cpe:2.3:a:spring:cloud_gateway:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Spring (4c7a31af-cbd7-516f-b1ce-2d5f574797bc) |
|---|---|
| Product | Cloud Gateway (400f6284-1bb2-513b-9ef1-6803e405657e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-41243 |
vulnerable | 2026-06-03 15:01:14.656935 |
Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux
CRITICAL (10)
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification.
An application should be considered vulnerable when all the following are true:
* The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable).
* Spring Boot actuator is a dependency.
* The Spring Cloud Gateway Server Webflux actuator web endpoint is enabled via management.endpoints.web.exposure.include=gateway.
* The actuator endpoints are available to attackers.
* The actuator endpoints are unsecured.
Published: 2025-09-16T14:54:57.396Z
Updated: 2026-02-26T17:48:29.456Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.