How severe is CVE-2025-41232?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2025-41232?

This is classified as CWE-693, which is a common weakness in software security.

CVE-2025-41232 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: * You are using @EnableMethodSecurity(mode=ASPECTJ) and spring-security-aspects, and * You have Spring Security method annotations on a private method In that case, the target method may be able to be invoked without proper authorization. You are not affected if: * You are not using @EnableMethodSecurity(mode=ASPECTJ) or spring-security-aspects, or * You have no Spring Security-annotated private methods

Related Vulnerabilities

CVE-2022-48290

CRITICAL

CVSS:9.1(Critical)

The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity.

CWE-6932022

CVE-2024-25091

CRITICAL

CVSS:9.1(Critical)

Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.21_1013 (when using 'VirusChecker' or 'ThreatChecker' feature) and RevoWorks Browser prior to 2.2.95 (when using 'Viru...

CWE-6932024

CVE-2017-10952

HIGH

CVSS:8.8(High)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. User interaction is required to exploit this vulnerability in that the targ...

CWE-6932017

CVE-2018-1170

HIGH

CVSS:8.8(High)

This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on vulnerable installations of Volkswagen Customer-Link App 1.30 and HTC Customer-Link Bridge. Authent...

CWE-6932018

CVE-2018-14280

HIGH

CVSS:8.8(High)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the targ...

CWE-6932018

CVE-2018-14281

HIGH

CVSS:8.8(High)

CWE-6932018