Spring Product Security Update Advisory (CVE-2024-38819)

Dec 30 2025

Overview

We have released an update to address a vulnerability in our Spring products. Users of affected versions are advised to update to the latest version.

Affected Products

CVE-2024-38819

Spring Framework versions: 5.3.0 (inclusive) ~ 5.3.40 (inclusive)
Spring Framework versions: 6.0.0 (inclusive) ~ 6.0.24 (inclusive)
Spring Framework versions: 6.1.0 (inclusive) ~ 6.1.13 (inclusive)

Resolved Vulnerabilities

Path traversal attack vulnerability in applications using WebMvc.fn or WebFlux.fn when a static resource is provided by RouterFunctions and the resource is configured using FileSystemResource (CVE-2024-38819)

Vulnerability Patches

The following product-specific vulnerability patches have been made available in the latest update. If you are using an affected version, please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-38819

Spring Framework version: 5.3.41
Spring Framework version: 6.0.25
Spring Framework version: 6.1.14

Referenced Sites

[1] CVE-2024-38819: Path traversal vulnerability in functional web frameworks (2nd report)

https://spring.io/security/cve-2024-3881

Spring Product Security Update Advisory (CVE-2024-38819)

WatchGuard Product Security Update Advisory (CVE-2025-14733)

Palo Alto Networks (PAN-OS, Prisma Access) Products December 2024 Security Update Advisory

Tags:

WatchGuard Product Security Update Advisory (CVE-2025-14733)

Palo Alto Networks (PAN-OS, Prisma Access) Products December 2024 Security Update Advisory