May 30, 2025
Severity
High
Analysis Summary
CVE-2025-41235
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies.
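The trust decision at issue, shown as an added example rather than code from Spring Cloud Gateway or from the advisory: a gateway keeps inbound X-Forwarded-For and Forwarded values only when the directly connected peer is a known proxy. The trusted range, the function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: networks of the reverse proxies this gateway trusts (constructed).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
FORWARDING_HEADERS = ("x-forwarded-for", "forwarded")


def is_trusted(peer_ip, trusted=TRUSTED_PROXIES):
    """True when the directly connected peer is one of our own proxies."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in trusted)


def forwarded_element(peer_ip):
    """RFC 7239 'for=' element; IPv6 addresses are bracketed and quoted."""
    addr = ipaddress.ip_address(peer_ip)
    return f'for="[{addr}]"' if addr.version == 6 else f"for={addr}"


def outbound_headers(peer_ip, inbound, trusted=TRUSTED_PROXIES):
    """Build the headers sent upstream for a request received from peer_ip.

    Header names are lower-cased (they are case-insensitive). Forwarding
    headers from an untrusted peer are discarded, so the upstream service
    only sees hops recorded by this gateway or by a trusted proxy.
    """
    inbound = {k.lower(): v for k, v in inbound.items()}
    out = {k: v for k, v in inbound.items() if k not in FORWARDING_HEADERS}
    xff, fwd = [], []
    if is_trusted(peer_ip, trusted):
        # A trusted proxy vouches for the chain it passed on: keep it.
        if "x-forwarded-for" in inbound:
            xff.append(inbound["x-forwarded-for"])
        if "forwarded" in inbound:
            fwd.append(inbound["forwarded"])
    # Always record the peer this gateway actually saw on the socket.
    xff.append(str(ipaddress.ip_address(peer_ip)))
    fwd.append(forwarded_element(peer_ip))
    out["x-forwarded-for"] = ", ".join(xff)
    out["forwarded"] = ", ".join(fwd)
    return out


if __name__ == "__main__":
    # Constructed requests: one direct from the internet, one via a trusted proxy.
    claimed = {"X-Forwarded-For": "127.0.0.1", "Forwarded": "for=127.0.0.1"}
    print(outbound_headers("203.0.113.7", claimed))
    print(outbound_headers("10.1.2.3", {"X-Forwarded-For": "198.51.100.9"}))
```

Upstream services that make access or logging decisions from these headers should read only the entries appended by the gateway or its trusted proxies.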
Impact
- Gain Access
Indicators of Compromise
CVE
CVE-2025-41235
Affected Vendors
Affected Products
- VMware Spring Cloud Gateway Server 2.2.10.RELEASE - 4.2.2 - 4.3.0
- VMware Spring Cloud Gateway Server MVC 4.1.7 - 4.2.2 - 4.3.0
Remediation
Refer to VMware Spring Security Advisory for patch, upgrade, or suggested workaround information.