Improper authorization in Spring Cloud Config - CVE-2025-22232
Published: April 8, 2025
Vulnerability identifier: #VU107154
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-22232
CWE-ID: CWE-285
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Pivotal
Affected software:
Spring Cloud Config
Spring Cloud Config
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error when handling Vault tokens sent via the X-CONFIG-TOKEN header, as the application may not use Vault token sent by the client. The SessionManager persists the first token it retrieves and will continue to use that token even if client requests to the Spring Cloud Config Server include a X-CONFIG-TOKEN header with a different value. A remote attacker can bypass authorization checks and gain unauthorized access to the application.
How to mitigate CVE-2025-22232
Install updates from vendor's website.