{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T01:18:04.565","vulnerabilities":[{"cve":{"id":"CVE-2025-22235","sourceIdentifier":"security@vmware.com","published":"2025-04-28T08:15:15.273","lastModified":"2025-05-16T23:15:19.600","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"EndpointRequest.to() creates a matcher for null\/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed.\n\nYour application may be affected by this if all the following conditions are met:\n\n  *  You use Spring Security\n  *  EndpointRequest.to() has been used in a Spring Security chain configuration\n  *  The endpoint which EndpointRequest references is disabled or not exposed via web\n  *  Your application handles requests to \/null and this path needs protection\n\n\nYou are not affected if any of the following is true:\n\n  *  You don't use Spring Security\n  *  You don't use EndpointRequest.to()\n  *  The endpoint which EndpointRequest.to() refers to is enabled and is exposed\n  *  Your application does not handle requests to \/null or this path does not need protection"},{"lang":"es","value":"EndpointRequest.to() crea un comparador para null\/** si el endpoint del actuador, para el que se creó EndpointRequest, está deshabilitado o no está expuesto. Su aplicación puede verse afectada si se cumplen todas las siguientes condiciones: * Utiliza Spring Security * EndpointRequest.to() se ha utilizado en una configuración de cadena de Spring Security * El punto final al que EndpointRequest hace referencia está deshabilitado o no está expuesto a través de la web * Su aplicación gestiona solicitudes a \/null y esta ruta necesita protección no se verá afectado si se cumple alguna de las siguientes condiciones: * No utiliza Spring Security * No utiliza EndpointRequest.to() * El endpoint al que EndpointRequest.to() hace referencia está habilitado y está expuesto * Su aplicación no gestiona solicitudes a \/null o esta ruta no necesita protección"}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}]},"weaknesses":[{"source":"security@vmware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https:\/\/spring.io\/security\/cve-2025-22235","source":"security@vmware.com"},{"url":"https:\/\/security.netapp.com\/advisory\/ntap-20250516-0010\/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}