Listen to this Post
The vulnerability CVE-2025-XXXX in Spring Cloud Gateway Server WebFlux stems from improper input sanitization of user-supplied data that is processed by the Spring Expression Language (SpEL). When a maliciously crafted request is sent to a specific actuator endpoint, it allows for the evaluation of arbitrary SpEL expressions. This occurs because the framework improperly binds and evaluates environment properties from the request parameters without adequate authorization checks. Consequently, an attacker can leverage this to modify critical Spring Environment properties. This modification can alter the application’s configuration at runtime, potentially leading to a complete system compromise by enabling remote code execution within the context of the application server.
Platform: Spring Cloud Gateway
Version: 3.1.0-4.3.0
Vulnerability: SpEL Injection
Severity: Critical
date: 2025-09-16
Prediction: Patch 2025-09-23
What Undercode Say:
curl -X POST http://host:port/actuator/gateway/refresh
curl -X GET “http://host:port/gateway/route?id=123&metadata={T(java.lang.Runtime).getRuntime().exec(‘calc’)}”
How Exploit:
SpEL Environment Modification
Protection from this CVE:
Apply Patched Versions
Impact:
Remote Code Execution
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

