spring-websocket-6.2.10.jar: 1 vulnerabilities (highest severity is: 4.3)

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/vulnerability_details.png' width=19 height=20> Vulnerable Library - spring-websocket-6.2.10.jar</summary>

Spring WebSocket
Library home page: <a href="https://github.com/spring-projects/spring-framework">https://github.com/spring-projects/spring-framework</a>
Path to dependency file: /dgrv4_Gateway_serv/build.gradle
Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.springframework/spring-websocket/6.2.10/cc662b365de5bc2f912d3b72a4d213f9c73f8805/spring-websocket-6.2.10.jar


</details>

## Vulnerabilities

| Vulnerability | Severity | <img src='https://whitesource-resources.whitesourcesoftware.com/cvss3.png' width=19 height=20> CVSS | Dependency | Type | Fixed in (spring-websocket version) | Remediation Possible** |
| ------------- | ------------- | ----- | ----- | ----- | ------------- | --- |
| [CVE-2025-41254](https://www.mend.io/vulnerability-database/CVE-2025-41254) | <img src='https://whitesource-resources.whitesourcesoftware.com/medium_vul.png?' width=19 height=20> Medium | 4.3 | spring-websocket-6.2.10.jar | Direct | 6.2.12 | &#10060; |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

## Details

<details>

<summary><img src='https://whitesource-resources.whitesourcesoftware.com/medium_vul.png?' width=19 height=20> CVE-2025-41254</summary>


### Vulnerable Library - spring-websocket-6.2.10.jar

Spring WebSocket
Library home page: <a href="https://github.com/spring-projects/spring-framework">https://github.com/spring-projects/spring-framework</a>
Path to dependency file: /dgrv4_Gateway_serv/build.gradle
Path to vulnerable library: /tmp/containerbase/cache/.gradle/caches/modules-2/files-2.1/org.springframework/spring-websocket/6.2.10/cc662b365de5bc2f912d3b72a4d213f9c73f8805/spring-websocket-6.2.10.jar


Dependency Hierarchy:
 - :x: **spring-websocket-6.2.10.jar** (Vulnerable Library)
Found in base branch: main




### Vulnerability Details
 
 
Spring Framework STOMP CSRF Vulnerability - STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages.

Publish Date: 2025-10-16
URL: <a href=https://www.mend.io/vulnerability-database/CVE-2025-41254>CVE-2025-41254</a>




### CVSS 3 Score Details (4.3)


Base Score Metrics:
- Exploitability Metrics:
 - Attack Vector: Network
 - Attack Complexity: Low
 - Privileges Required: None
 - User Interaction: Required
 - Scope: Unchanged
- Impact Metrics:
 - Confidentiality Impact: None
 - Integrity Impact: Low
 - Availability Impact: None

For more information on CVSS3 Scores, click <a href="https://www.first.org/cvss/calculator/3.0">here</a>.




### Suggested Fix


Type: Upgrade version
Origin: <a href="https://spring.io/security/cve-2025-41254">https://spring.io/security/cve-2025-41254</a>
Release Date: 2025-10-15
Fix Resolution: 6.2.12






Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)
</details>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

spring-websocket-6.2.10.jar: 1 vulnerabilities (highest severity is: 4.3) #91

Vulnerabilities

Details

Vulnerable Library - spring-websocket-6.2.10.jar

Vulnerability Details

CVSS 3 Score Details (4.3)

Suggested Fix

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

spring-websocket-6.2.10.jar: 1 vulnerabilities (highest severity is: 4.3) #91

Description

Vulnerabilities

Details

Vulnerable Library - spring-websocket-6.2.10.jar

Vulnerability Details

CVSS 3 Score Details (4.3)

Suggested Fix

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions