CVE-2025-41234
Java vulnerability analysis and mitigation

Overview

CVE-2025-41234 is a medium-severity vulnerability (CVSS 6.5) discovered in Spring Framework that enables Reflected File Download (RFD) attacks. The vulnerability affects Spring Framework versions 6.0.5-6.0.28, 6.1.0-6.1.20, and 6.2.0-6.2.7, and was disclosed on June 12, 2025. The flaw specifically impacts applications that set Content-Disposition headers with a non-ASCII charset where the filename attribute is derived from user-supplied input (Spring Security, Security Online).

Technical details

The vulnerability occurs when an application uses org.springframework.http.ContentDisposition to prepare the Content-Disposition header and sets the filename using ContentDisposition.Builder#filename(String, Charset) with a non-ASCII charset. The vulnerability is triggered when the filename value is derived from unsanitized user input, allowing attackers to inject malicious commands into the downloaded content. The issue has been assigned a CVSS v3.1 score of 6.5 (Medium) with the vector string AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N, indicating network accessibility with high attack complexity, low privileges required, and user interaction needed (Spring Security).

Impact

When successfully exploited, this vulnerability allows attackers to perform Reflected File Download (RFD) attacks. RFD is a technique where attackers can trick a user's browser into downloading a malicious file with a deceptive name and executable content by leveraging improperly set HTTP headers. This can lead to high confidentiality impact and low integrity impact, while availability remains unaffected (Security Online).

Mitigation and workarounds

Users of affected versions should upgrade to the corresponding fixed versions: 6.2.8 for 6.2.x users, 6.1.21 for 6.1.x users, and 6.0.29 for commercial 6.0.x users. Applications are not vulnerable if they don't set Content-Disposition headers, don't use Spring's ContentDisposition builder, use filename(String) or filename(String, ASCII) instead of the affected method, or properly sanitize user input (Spring Security).
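As an added illustration of the technical details and mitigation sections above (example code, not from the Spring project or the advisory), the vulnerable pattern the advisory describes is shown beside a hardened handler. The endpoint paths, the CSV payload and the sanitizer are constructed for this example; the Spring APIs used are real.

```java
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

import org.springframework.http.ContentDisposition;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class ExportController {

    // Constructed sample download payload for this example.
    private static final byte[] REPORT = "id,value\n1,42\n".getBytes(StandardCharsets.UTF_8);

    // VULNERABLE pattern from the advisory: the user-controlled "name" parameter goes
    // straight into filename(String, Charset) with a non-ASCII charset. On an unpatched
    // Spring version this is the condition under which RFD becomes possible.
    @GetMapping("/export/unsafe")
    public ResponseEntity<byte[]> unsafeExport(@RequestParam String name) {
        ContentDisposition cd = ContentDisposition.attachment()
                .filename(name, StandardCharsets.UTF_8)
                .build();
        return ResponseEntity.ok()
                .header(HttpHeaders.CONTENT_DISPOSITION, cd.toString())
                .contentType(MediaType.APPLICATION_OCTET_STREAM)
                .body(REPORT);
    }

    // Allowlist sanitizer (constructed for this example): only letters, digits, dot,
    // dash and underscore survive; the server, not the client, fixes the extension.
    private static final Pattern UNSAFE_CHARS = Pattern.compile("[^A-Za-z0-9._-]");

    static String sanitizeFilename(String userSupplied) {
        String cleaned = UNSAFE_CHARS.matcher(userSupplied).replaceAll("");
        if (cleaned.isEmpty() || cleaned.startsWith(".")) {
            cleaned = "report";   // never return an empty or hidden-looking name
        }
        return cleaned + ".csv";
    }

    // MITIGATED: the filename is reduced to an ASCII allowlist and passed to
    // filename(String), which the advisory lists as unaffected. Upgrading to the
    // fixed release (6.2.8 / 6.1.21 / 6.0.29) is still required.
    @GetMapping("/export")
    public ResponseEntity<byte[]> safeExport(@RequestParam String name) {
        ContentDisposition cd = ContentDisposition.attachment()
                .filename(sanitizeFilename(name))
                .build();
        return ResponseEntity.ok()
                .header(HttpHeaders.CONTENT_DISPOSITION, cd.toString())
                .contentType(MediaType.APPLICATION_OCTET_STREAM)
                .body(REPORT);
    }
}
```

Sanitizing alone removes only the user-input precondition; the version upgrade closes the underlying builder behaviour for every caller.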

Community reactions

The vulnerability was responsibly reported by Jakob Linskeseder from the Dynatrace Security Team. Spring has released security patches promptly, with Spring Framework 6.1.21 and 6.2.8 being made available immediately. These versions will be included in upcoming Spring Boot releases 3.4.7 and 3.5.1 (Spring Blog).
