[CVE-2025-22235] HIGH: spring-boot 3.3.7 - EndpointRequest.to() wrong matcher

## Vulnerability Report

| Field | Value |
|-------|-------|
| **CVE** | `CVE-2025-22235` |
| **Severity** | **HIGH** |
| **Library** | `org.springframework.boot:spring-boot` |
| **Source** | `workers.jar` |
| **Installed Version** | 3.3.7 |
| **Fixed Version** | 3.3.11, 3.4.5 |

### Summary

Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed.

### References

- [NVD Entry](https://avd.aquasec.com/nvd/cve-2025-22235)

---
*Filed from container vulnerability scan of `workers.jar`*

Field	Value
CVE	`CVE-2025-22235`
Severity	HIGH
Library	`org.springframework.boot:spring-boot`
Source	`workers.jar`
Installed Version	3.3.7
Fixed Version	3.3.11, 3.4.5

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[CVE-2025-22235] HIGH: spring-boot 3.3.7 - EndpointRequest.to() wrong matcher #84

Vulnerability Report

Summary

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[CVE-2025-22235] HIGH: spring-boot 3.3.7 - EndpointRequest.to() wrong matcher #84

Description

Vulnerability Report

Summary

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions