The Spring Security and Spring Framework teams have collaborated to release fixes for the following CVEs.
Both of these CVE reports pertain to vulnerabilities that may be encountered when using security annotations on methods within type hierarchies with a parameterized super type with unbounded generics. See the individual CVE reports for further details.
The Spring Security 6.4.11 and 6.5.5 open source releases address CVE-2025-41248.
The Spring Framework 6.2.11 open source release addresses CVE-2025-41249.
Open source support for the Spring Framework 5.3.x and 6.1.x generations has ended; however, this fix has been applied to the Spring Framework 5.3.45 and 6.1.23 commercial releases, which are available now.
If you are not a commercial customer, please consider upgrading to a supported open source version of Spring Framework at your earliest convenience. Commercial customers using Spring Boot 2.7, 3.2, or 3.3 can make use of Spring Boot Hotfix releases 2.7.29.1, 3.2.18.1, and 3.3.15.1. Releases are available now on the Spring commercial artifact repository and can be accessed with a Spring Enterprise Subscription.
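To find where the hierarchy shape named in both CVE reports occurs in your own code, a reflection audit like the following can list candidates for review. This is an added example, not code from the Spring teams or the CVE reports. `DemoSecured`, `Repo`, `UserRepo`, `Plain` and `PlainImpl` are constructed stand-ins; in a real application, pass the method security annotation class you use.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.util.*;

public class GenericHierarchyAudit {
    // Constructed stand-in for a method security annotation (assumption, not a Spring type).
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface DemoSecured { String value(); }
    // Constructed sample: annotated method on a super type with unbounded T.
    interface Repo<T> { @DemoSecured("hasRole('ADMIN')") void save(T item); }
    static class UserRepo implements Repo<String> { public void save(String item) { } }
    // Constructed control: same annotation, but no generics in the hierarchy.
    interface Plain { @DemoSecured("hasRole('ADMIN')") void ping(); }
    static class PlainImpl implements Plain { public void ping() { } }

    // True when the type declares a type parameter whose only bound is Object.
    static boolean hasUnboundedTypeParam(Class<?> type) {
        for (TypeVariable<?> tv : type.getTypeParameters()) {
            Type[] bounds = tv.getBounds();
            if (bounds.length == 1 && bounds[0] == Object.class) return true;
        }
        return false;
    }

    // Walks every superclass and interface of 'type' and reports annotated methods
    // declared on a generic super type that has an unbounded type parameter.
    static List<String> audit(Class<?> type, Class<? extends Annotation> marker) {
        List<String> findings = new ArrayList<>();
        Deque<Class<?>> todo = new ArrayDeque<>();
        Set<Class<?>> seen = new HashSet<>();
        todo.add(type);
        while (!todo.isEmpty()) {
            Class<?> c = todo.poll();
            if (!seen.add(c)) continue;              // skip super types already visited
            if (c != type && hasUnboundedTypeParam(c)) {
                for (Method m : c.getDeclaredMethods()) {
                    if (m.isAnnotationPresent(marker) && !m.isBridge())
                        findings.add(type.getSimpleName() + " inherits " + c.getSimpleName() + "#" + m.getName());
                }
            }
            if (c.getSuperclass() != null) todo.add(c.getSuperclass()); // ArrayDeque rejects null
            todo.addAll(Arrays.asList(c.getInterfaces()));
        }
        return findings;
    }

    public static void main(String[] args) {
        for (Class<?> c : List.of(UserRepo.class, PlainImpl.class))
            System.out.println(c.getSimpleName() + " -> " + audit(c, DemoSecured.class));
    }
}
```

A finding marks a class to re-test after upgrading to the fixed releases listed above; it does not by itself establish that the application is affected.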