Spring
CVE-2025-70983
CRITICAL
Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges to escalate privileges.
AnalysisAI
SpringBlade v4.5.0 has an access control flaw in authRoutes allowing low-privileged users to escalate to admin through the authentication routing mechanism.
Technical ContextAI
SpringBlade v4.5.0 has a CWE-284 incorrect access control vulnerability in the authRoutes function that allows users with low-level privileges to access administrative routes and escalate their permissions.
RemediationAI
Update SpringBlade. Review route authorization configurations.
Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. Rated critical severi
Access control bypass in SpringBlade v4.5.0 importUser function allows low-privileged users to import sensitive user dat
Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant
Spring Security Aspects may not correctly locate method security annotations on private methods. Rated critical severity
EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been crea
Arbitrary command execution in the VSCode Spring CLI extension allows local users with interactive access to execute arb
Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to
Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. Ra
Spring Data Geode's snapshot import functionality uses predictable temporary directories with overly permissive permissi
The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarc
The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarch
A vulnerability was found in Exrick xboot up to 3.3.4. Rated medium severity (CVSS 5.5), this vulnerability is remotely
Same weakness CWE-284 – Improper Access Control
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today