Severity
High
Analysis Summary
CVE-2025-41235
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies.
Impact
- Gain Access
Indicators of Compromise
CVE
CVE-2025-41235
Affected Vendors
VMware
Affected Products
- VMware Spring Cloud Gateway Server 2.2.10.RELEASE - 4.2.2 - 4.3.0
- VMware Spring Cloud Gateway Server MVC 4.1.7 - 4.2.2 - 4.3.0
Remediation
Refer to the VMware Spring Security Advisory for patch, upgrade, or suggested workaround information.

