Security update: Unauthorized access to VMware Tanzu Spring Boot possible

Admins should update software development environments with VMware Tanzu Spring Boot for security reasons.


Under certain conditions, attackers can exploit a vulnerability in VMware Tanzu Spring Boot and gain unauthorized access. The developers have now closed the vulnerability.

Software developers use Spring Boot to create Java applications more efficiently. For attackers to be able to exploit the vulnerability (CVE-2025-22235, risk "high"), however, several requirements must be met. Among other things, Spring Security must be in use and configured with EndpointRequest.to().

If this is the case, attackers can exploit the vulnerability. It is not yet clear how such an attack could take place. The warning message gives no indication that attacks are already taking place. Nevertheless, admins should not wait too long to install the security update. According to the developers, the following versions are protected against the described attack; all previous versions are said to be vulnerable.

  • 2.7.25
  • 3.1.16
  • 3.2.14
  • 3.3.11
  • 3.4.5
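
To check a build against the list above, the following added example (not code from the article or from the Spring project) classifies Spring Boot versions found in a dependency listing and flags projects whose source also references EndpointRequest.to(). The Maven-style coordinate format of the input, the function names and the sample data are assumptions made for illustration.

```python
import re

# Fixed release per release line, exactly as listed in the article.
FIXED = {(2, 7): (2, 7, 25), (3, 1): (3, 1, 16), (3, 2): (3, 2, 14),
         (3, 3): (3, 3, 11), (3, 4): (3, 4, 5)}

# Assumption: input lines use Maven coordinates, group:artifact:type:version[:scope].
COORD = re.compile(
    r"org\.springframework\.boot:(spring-boot[\w-]*):\w+:(\d+)\.(\d+)\.(\d+)")
# The one precondition the article names; a static import of to() is not caught.
MATCHER = re.compile(r"EndpointRequest\s*\.\s*to\s*\(")

def classify(version):
    """Map a (major, minor, patch) tuple to 'patched', 'vulnerable' or 'unknown'."""
    line = version[:2]
    if line in FIXED:
        return "patched" if version >= FIXED[line] else "vulnerable"
    if version < max(FIXED.values()):
        # Older line without a listed fix (e.g. 3.0.x): "all previous versions".
        return "vulnerable"
    return "unknown"  # newer than anything the article lists; check the advisory

def triage(dependency_lines, source_text):
    """Return (artifact, version, status, prioritize) per Spring Boot artifact."""
    uses_matcher = bool(MATCHER.search(source_text))
    findings = []
    for text in dependency_lines:
        m = COORD.search(text)
        if not m:
            continue  # not a Spring Boot artifact
        version = tuple(int(part) for part in m.groups()[1:])
        status = classify(version)
        findings.append((m.group(1), ".".join(map(str, version)), status,
                         status == "vulnerable" and uses_matcher))
    return findings

# Constructed sample input, not taken from a real project.
SAMPLE_DEPS = [
    "[INFO]    org.springframework.boot:spring-boot:jar:3.3.10:compile",
    "[INFO]    org.springframework.boot:spring-boot-actuator:jar:3.3.10:compile",
    "[INFO]    org.springframework.security:spring-security-web:jar:6.3.9:compile",
]
SAMPLE_SOURCE = 'http.securityMatcher(EndpointRequest.to("health"));'

if __name__ == "__main__":
    for finding in triage(SAMPLE_DEPS, SAMPLE_SOURCE):
        print(finding)
```

A "prioritize" result only means the version is below the listed fix and the named precondition is present; the article notes that further requirements exist, so the update is the remedy either way.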

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.