Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

Posted: Sun Jun 15, 2025 6:03 am
by Shane1145
A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware’s Spring Framework has been patched, affecting multiple versions of the widely used Java framework.

The flaw enables attackers to execute malicious code by exploiting improperly configured Content-Disposition headers in a web application.

https://gbhackers.com/spring-framework-flaw/