Spring Cloud Gateway, Expression Language Injection, CVE-2025-XXXX (Critical)

Listen to this Post

The vulnerability CVE-2025-XXXX in Spring Cloud Gateway Server WebFlux stems from improper input sanitization of user-supplied data that is processed by the Spring Expression Language (SpEL). When a maliciously crafted request is sent to a specific actuator endpoint, it allows for the evaluation of arbitrary SpEL expressions. This occurs because the framework improperly binds and evaluates environment properties from the request parameters without adequate authorization checks. Consequently, an attacker can leverage this to modify critical Spring Environment properties. This modification can alter the application’s configuration at runtime, potentially leading to a complete system compromise by enabling remote code execution within the context of the application server.
Platform: Spring Cloud Gateway
Version: 3.1.0-4.3.0
Vulnerability: SpEL Injection
Severity: Critical

date: 2025-09-16

Prediction: Patch 2025-09-23

What Undercode Say:

curl -X POST http://host:port/actuator/gateway/refresh
curl -X GET “http://host:port/gateway/route?id=123&metadata={T(java.lang.Runtime).getRuntime().exec(‘calc’)}”

How Exploit:

SpEL Environment Modification

Protection from this CVE:

Apply Patched Versions

Impact:

Remote Code Execution

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top