Spring Product Security Update Advisory (CVE-2025-41253)
Overview
We have released security updates to fix vulnerabilities in Spring products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-41253
Spring Cloud Gateway version: 4.3.0 or higher but lower than 4.3.2
Spring Cloud Gateway version: 4.2.0 or higher but lower than 4.2.6
Spring Cloud Gateway version: 4.1.0 or higher but lower than 4.1.12
Spring Cloud Gateway version: 4.0.0
Spring Cloud Gateway version: 3.1.0 or higher but lower than 3.1.12
Resolved Vulnerabilities
Environment variable and system property exposure vulnerability in Spring Cloud Gateway (CVE-2025-41253)
Vulnerability Patches
Patches for the vulnerability are available in the latest updates. Follow the instructions on the sites listed under References to update to the patched version.
CVE-2025-41253
Spring Cloud Gateway version: 4.3.2
Spring Cloud Gateway version: 4.2.6
Spring Cloud Gateway version: 4.1.12
Spring Cloud Gateway version: 3.1.12
References
[1] CVE-2025-41253: Using Spring Expression Language To Expose Environment Variables and System Properties
https://spring.io/security/cve-2025-41253