Skip to main content

Spring CVE-2025-70983

CRITICAL
Improper Access Control (CWE-284)
2026-01-23 cve@mitre.org
9.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 23, 2026 - 19:15 nvd
CRITICAL 9.9

DescriptionCVE.org

Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges to escalate privileges.

AnalysisAI

SpringBlade v4.5.0 has an access control flaw in authRoutes allowing low-privileged users to escalate to admin through the authentication routing mechanism.

Technical ContextAI

SpringBlade v4.5.0 has a CWE-284 incorrect access control vulnerability in the authRoutes function that allows users with low-level privileges to access administrative routes and escalate their permissions.

RemediationAI

Update SpringBlade. Review route authorization configurations.

More in Spring

View all
CVE-2025-41243 CRITICAL POC
10.0 Sep 16

Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. Rated critical severi

CVE-2025-70982 CRITICAL POC
9.9 Jan 26

Access control bypass in SpringBlade v4.5.0 importUser function allows low-privileged users to import sensitive user dat

CVE-2025-41242 MEDIUM POC
5.9 Aug 18

Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant

CVE-2025-41232 CRITICAL
9.1 May 21

Spring Security Aspects may not correctly locate method security annotations on private methods. Rated critical severity

CVE-2025-22235 HIGH
7.3 Apr 28

EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been crea

CVE-2026-22718 MEDIUM
6.8 Jan 14

Arbitrary command execution in the VSCode Spring CLI extension allows local users with interactive access to execute arb

CVE-2025-41234 MEDIUM
6.5 Jun 12

Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to

CVE-2025-22223 MEDIUM
5.3 Mar 24

Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. Ra

CVE-2026-2817 MEDIUM
4.4 Feb 19

Spring Data Geode's snapshot import functionality uses predictable temporary directories with overly permissive permissi

CVE-2025-41249 HIGH
7.5 Sep 16

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarc

CVE-2025-41248 HIGH
7.5 Sep 16

The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarch

CVE-2025-8525 MEDIUM POC
5.5 Aug 04

A vulnerability was found in Exrick xboot up to 3.3.4. Rated medium severity (CVSS 5.5), this vulnerability is remotely

Share

CVE-2025-70983 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy