June 27, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
LokiBot Malware – Active IOCs
April 29, 2025
Multiple Juniper Networks Vulnerabilities
April 29, 2025
LokiBot Malware – Active IOCs
April 29, 2025
Multiple Juniper Networks Vulnerabilities
April 29, 2025
Severity
High
Analysis Summary
CVE-2025-22235
EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected if it uses Spring Security with EndpointRequest.to() in the security chain, and the referenced endpoint is disabled or not exposed via web. This can lead to unexpected behavior if your application handles /null paths that require protection.
Impact
- Security Bypass
Indicators of Compromise
CVE
CVE-2025-22235
Affected Vendors
VMware
Affected Products
- VMware Tanzu Spring Boot - 2.7.0
- VMware Tanzu Spring Boot - 3.1.0
- VMware Tanzu Spring Boot - 3.2.0
- VMware Tanzu Spring Boot - 3.3.0
- VMware Tanzu Spring Boot - 3.4.0
Remediation
Upgrade to the latest version of Spring Boot, available from the VMware Security Advisory.