Spring
CVE-2025-70982
CRITICAL
Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sensitive user data.
AnalysisAI
Access control bypass in SpringBlade v4.5.0 importUser function allows low-privileged users to import sensitive user data and escalate privileges. PoC available.
Technical ContextAI
CWE-284 in SpringBlade's importUser function. Low-privileged users can import users with elevated roles.
RemediationAI
Update SpringBlade. Restrict import functionality to administrators.
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. Rated critical severi
Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant
SpringBlade v4.5.0 has an access control flaw in authRoutes allowing low-privileged users to escalate to admin through t
Spring Security Aspects may not correctly locate method security annotations on private methods. Rated critical severity
EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been crea
Arbitrary command execution in the VSCode Spring CLI extension allows local users with interactive access to execute arb
Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to
Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. Ra
Spring Data Geode's snapshot import functionality uses predictable temporary directories with overly permissive permissi
The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarc
The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarch
A vulnerability was found in Exrick xboot up to 3.3.4. Rated medium severity (CVSS 5.5), this vulnerability is remotely
Same weakness CWE-284 – Improper Access Control
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today