Spring Framework Security Flaws Enable Authorization Bypass and Annotation Detection Issues

Two critical vulnerabilities, CVE-2025-41248 and CVE-2025-41249, have emerged in Spring Security and Spring Framework that could allow attackers to bypass authorization controls in enterprise applications. These flaws arise when using Spring Security’s @EnableMethodSecurity feature in conjunction with method-level annotations such as @PreAuthorize and @PostAuthorize. In applications where service interfaces or abstract base classes employ unbounded […]

The post Spring Framework Security Flaws Enable Authorization Bypass and Annotation Detection Issues appeared first on Cyber Security News.
