CSIRT Toscana

CSIRT Toscana

Tag: Spring Framework
Pagina 1 di 1

10 Aprile 2026

Risolta vulnerabilità in Spring Cloud Gateway (AL04/260410/CSIRT-ITA)

Rilevata nuova vulnerabilità, con gravità “alta”, in Spring, noto framework open‑source per lo sviluppo di applicazioni Java, usato in ambito enterprise. Tale vulnerabilità, qualora sfruttata, potrebbe consentire ad un utente malintenzionato di eludere le funzionalità di sicurezza sui sistemi interessati.

Categorie

Alert

Argomenti

Spring Framework

16 Settembre 2025

Risolte vulnerabilità in prodotti Spring (AL01/250916/CSIRT-ITA)

Aggiornamenti di sicurezza risolvono due vulnerabilità, con gravità “alta”, in Spring Framework e Spring Security. Tali vulnerabilità potrebbero consentire ad un utente malintenzionato il bypass dei meccanismi di sicurezza.

Categorie

Alert

Argomenti

Spring Spring Framework Spring Security

Altri argomenti

0-click

0-day

0-day

7-Zip

7-Zip

AC7

Access Rights Manager

Acer

ACN

Acrobat

Acrobat Reader

Acronis

Acronis Cyber Infrastructure

Active Directory

ActiveMQ

Adaptive Security Appliance

Adaptive Security Virtual Appliance

Adattivo

ADAudit Plus

ADC

ADEM

AdminServer

Adobe

Adobe Photoshop

ADSelfService Plus

ADSelfService Plus

Advance Steel

AEM Forms

After Effects

After Effects

Agent Tesla

Agenzia delle Entrate - Riscossione

Agile PLM Framework

AI Core

AI Platform

AI-Bolit

Aiohttp

Airflow

AirPlay

AIX

Akira

Amazon

Amministrazione

Analog Telephone Adapter

Analytics

Analytics Plus

Android

Angular

Animate

Antivirus

AnyConnect VPN Server

AOS-CX

AP

AP6 Series

Apache

Apache AirFlow

Apache ATS

Apache Cassandra

Apache Kafka

Apache Log4j2

Apache NiFi

Apereo

Apex Central

Apex Central

Apex One

Apex One

ApexOne

API Connect

APM Server

Apple

AppSync

Aqua Trivy

Aquabot

ArcaneDoor

Arcserve

Argo CD

Aria Automation

Aria Automation

Aria Operations

Aria Operations

AriaOperations

Arma dei Carabinieri

Aruba

Aruba Networking

ASA

Assets Discovery

Asus

Asustor

async-tar

AsyncOS

Atlassian

Atlassian Confluence

Audition

Authentication Bypass

Authentication Gateway

AutoCAD

Autodesk

Automate

Avalanche

AVEVA

Avi Load Balancer

Avro

AWS

AX10

AX1500

Axios

Axis

Azure

backdoor

Backup & Replication

Backup & Replication

Backup Enterprise Manager

BADCANDY

Bamboo

Bamboo Data Center

Bamboo Data Center

Banco BPM

BarracudaRMM

Beats

BEC

BeeDrive

BeePhotos

BeeStation

BerriAI LiteLLM

Best Practices

BeyondTrust

BI Publisher

BIG-IP

BIG-IP

BIND

Bitdefender

Bitwarden CLI

BNL

BNPP

Boot

Botnet

Bridge

Broadcom

Brocade

bRPC

BruteForce

Business Manager

BusinessObjects

C2

Cacti

Cal.com

Caldera

Callback

Camaleon CMS

Camera

Campagna

Canon

Catalyst Center

Catalyst SD-WAN

CAX30

CentreStack

Chamilo

Chaos Mesh

Chaotic Deputy

Checkmarx KICS

CheckPoint

Chrome

Cisco

Cisco Security Manager

Citrix

Citrix ADC

Citrix Gateway

Citrix Session Recording

Citrix Session Recording

Citrix uberAgent

CitrixBleed2

Civil 3D

ClamAV

Claris

Cleo

ClickFix

Cloud Agent

Cloud Backup Service

Cloud Data Flow

Cloud Foundation

Cloud Foundation

Cloud Foundation Operations

Cloud Gateway

Cloud One Trend Micro

Cloud Platform

Cloud Service Appliance

Cloud Services Application

Cloud Services Application

Cloud Skipper

Cloude Platform

CloudEdge

CloudGatewayServer

CloudLinuxSoftware

ColdFusion

Collaboration Daffodil

Collaboration Daffodil

Collaboration Joule

Collaboration Joule

Collaboration Kepler

Collaboration Kepler

Commerce

Commons Text

Community Editio

Community Edition

Community Edition

Commvault

Commvault Command Center

Compass

Concurrent Processing

ConfD

Configurator

Confluence

Confluence Data Center

Confluence Server

Connect

Connect Secure

ConnectWise

ConneXium Network Manager

Console On-Premise

Control Center

Coolify

Coretx XSIAM

corrispondenza

Cortex XSOAR

Cortex XSOAR

Coruna

cPanel

CPU-Z

CPUID

CPython

Craft CMS

CraftCMS

CraftCommerce

Critical Patch Update

Critical Patch Update

Crosswork Network Services Orchestrator

CrowdStrike

CrushFTP

CSA

CSIRT

CUPS

cURL

CVE-2025-32434

CVE-2025-8110

CWMP

Cyber Protect

Cyber Protect Cloud

Cyber Protect Cloud Agent

CyberPanel

D-Link

D-Link

Dahua

DameWare

DarkTortilla

Data Center

DataLakehouse

Db2

Decathlon

Deep Security Agent

Deep Security Agent

Dell Technologies

Desktop and Server Management

Desktop Central

Device Code Grant

DHCP

Diagnostic Tool

Digiever

Dimension

Directus

DiskStation Manager

Django

DNG SDK

DNN

Docker

Docker Desktop

Docs@Work for Android

DolphinScheduler

DrayTek

Dreamweaver

Drive Client

Drive Server

dropper

Drupal

Drupal Core

DSL CPE

DSM

DSMUC

DWG TrueView

DXP

E-Business Suite

EasyTune

EBS

ECE

EcoStruxure

ECS

ECS Connection Manager

Elastic Cloud Enterprise

Elastic Cloud Enterprise

Elastic NV

Elastic NV

Email Security

EMM

Endpoint Manager

Endpoint Manager

Endpoint Manager for Mobile

Endpoint Privilege Management

Endpoint Security

EndpointManager

Enterprise

Enterprise Edition

Enterprise Edition

Enterprise Protection

Enterprise Server

EoL

EPM

EPMM

EPSS

Erlang Solutions

Erlang/OTP

Eset

ESXi

Evolved Programmable Network Manager

Exchange Reporter Plus

Exim

Expedition

Experience Manager Forms

Exploitation

Exploited

Expressway

Exynos

F5 Networks

F5OS

Fabric OS

Facebook

FalconSensor

Fattura

Figma

File Browser

FileBrowser

FileCatalyst

FileCatalyst Workflow

FileMaker Server

FileSender

Finesse

Firebox

Firefox

Firefox ESR

Firefox ESR

Firefox for iOS

Firepower Management

Firepower Threat Defense

FIRESTARTER

Firewall Gen7

Firewall Gen8

Fireware OS

FirewareOS

Fleet Server

FlowiseAI

Flowmon

Fluent Bit

FluentBit

Focus

fontTools

FormatPlugins

Formbook

Formbricks

FortiADC

FortiAIOps

FortiAnalyzer

FortiCamera

FortiClientEMS

FortiClientLinux

FortiClientMac

FortiClientWindows

FortiDDoS-F

FortiDLP

FortiEDR

FortiExtender

FortiFone

Fortigate

FortiIsolator

Fortimail

FortiManager

FortiManager Cloud

FortiNDR

Fortinet

FortiOS

FortiPAM

FortiPortal

FortiProxy

FortiRecorder

FortiSandbox

FortiSASE

FortiSIEM

FortiSOAR

FortiSRA

FortiSwitch

FortiSwitchAXFixed

FortiSwitchManager

FortiVoice

FortiWeb

FortiWebManager

FortiWLM

Fortra

Foundation

Framemaker

Framework

Freedom

FreeFlow Core

FreePBX

FreeType

fscan

FTD

FTP

Fusion

Gateway

GCC

Gen7

Generali

GeoServer

GFI Archiver

Ghostscript

Gigabyte

Git

GitHub

GitHub Enterprise Server

GitLab

GitlLab

GL iNet

GL.iNet

Gladinet

glibc

GlobalProtect App

GMS

GNU

GoAnywhere MFT

GoAnywhere MFT

GodPotato

Gogs

Google

Google Chrome

Google Docs

Grafana

GravityZone

GravityZone Control Center

Greenshot

GridFS

GuLoader

Hadoop

Hardening

Harmony

HBS 3 Hybrid Backup Sync

HCX

HikCentral

Hikvision

HPE

HPE Aruba

HTTP Server

HTTP Server

HTTP/2

HTTP/2

HttpClient

HugeGraph

HWMonitor

Hype

Hypervisor

IBM

IceWarp

iCloud

ICS

IdendityIQ

Illustrator

Image Builder

Image-Builder

IMC

Imperva

Imunify360

ImunifyAV

Incident

InCopy

InDesign

Inetutils

info-stealer

Infostealer

Infrastructure Parts Editor

InfraWorks

Ingress

Ingress Controller

Ingress-NGINX

IngressNightmare

INPS

Instagram

Integrated Management Controller

Integrated Management Controller

Intelligent Node

Intercept X

Intercom Broadcasting System

InterMesh Subscriber

Internet Security

Intesa Sanpaolo

Intesa Sanpaolo

Intune

IoC

iOS

IOS XE

IOS XE

IOS XR

IOS XR

IoT

iPadOS

IPS

ISAC

ISC

ISE-PIC

Ivanti

Ivanti Application Control

Ivanti Connect Secure

Ivanti Connect Secure

Ivanti EPM

Ivanti EPM

Ivanti Neurons

Ivanti Policy Secure

Ivanti Policy Secure

Ivanti Security Controls

Ivanti Sentry

IWC

Java

JBoss

JDBC

Jenkins

Jenkins Core

Jenkins LTS

Jenkins Security Advisory

Jenkins weekly

JetBrains

Jira

Jira Core Data Center

Joomla!

jsPDF

JumpServer

Juniper Networks

Juniper Networks

Juniper Secure Analytics

Junos OS

Junos OS

Junos OS Evolved

Junos OS Evolved

Junos Space

JunosOS

JunosOS Evolved

JunosOSMXSeries

KEA

kernel

Kibana

Kibana Google Gemini Connector

Klarna

KQL query

KSMBD

Kubernetes

KVM

La settimana cibernetica

Langflow

Lanscope Endpoint Manager

Laravel

LDAP

Lectora

LegionLoader

Lens

LexiCom

LG

LG WebOS TV

libexpat

liblzma

libpng

Libraesva

LibreOffice

License Central

Liferay

Lightroom

Linux

LoadMaster

Log Server

Log360

Log4cxx

LogScale

Logstash

LummaC2

LXware

Lynx

LynxTechnology

macOS

MacroHUB

Magento

MagicINFO

malspam

Malvertising

malware

Manage

ManageEngine

ManagementAgent

MARS

Mastodon

Mattermost

Mautic

MCP

MDM

Media Encoder

Media Server for DSM

Media Streaming

MediaTek

Meeting

Meeting Management

Meeting SDK

Meeting SDK

MegaRAC SPx

Meraki

Meraki MX

Meraki Z

Messages

Metabase

MiCollab

MiContactCenterBusiness

Microsoft

Microsoft 365

Microsoft Edge

Microsoft Graph

Microsoft Outlook

MikroTik

Ministero della Difesa

Mirai

Mirth Connect

MISP

Mitel

MITM

MITRE

MiVoice

MobileIron Core

Moby

Modicon

Modicon Controllers

MondoDB

Mongo DB

Mongo-c-driver

MongoDB

MongoDB C Driver

MongoDB libbson

MongoDB PHP Driver

MongoDB Server

MongoDB Server

MongoDBServer

mongosh

Monsta FTP

Moodle

Motex

MOVEit

MOVEit Transfer

MOVEit WAF

Mozilla

MTA

myQNAPcloud

MySonicWall

N-able

N-central

n8n

Nagios

NAKIVO

NAS

Navisworks

NDFC

Needrestart

Nessus

Nessus Manager

Netbird VPN

NetExtender

Netgear

NetScaler

NetScaler ADC

NetScaler Gateway

Netty

NetWeaver

Networks Expedition

Neurons

Neurons Agent Platform

Neurons for ITSM

Neurons for Patch Management

Neurons for Secure Access

Next.js

Next.js

Nextcloud Server

NextGen HealthCare

Nexus

Nexus Dashboard

Nexus switch

nf_tables

NGINX

Ni8mare

Ninja Forms

NMS300

node-SAML

Node.js

Node.js

NodeStealer

Notepad++

Notes Station

Now Platform

Now Platform

NPM

NSX

Nuttx

NVDebug

NVIDIA

NVR

NX-OS

OAuth

OAuth 2.0

ObjectScale

OFBiz

Ollama

Omada

Omnissa

One

OneView

open source

Open WebUI

OpenAM

OpenCTI

OpenEdge

OpenID Connect

OpenIdentityPlatform

OpenMetadata

OpenOffice

OpenPrinting

OpenShift

OpenShift AI

OpenSSH

OpenSSL

OpenVPN

OpenWrt

Operation 99

Operation ForumTroll

Oracle

Outlook

OwnCloud

pac4j

Packetbeat

Palo Alto Networks

Palo Alto Networks

PAM360

Pan-OS

PAN-OS

PaperCut

Paragon

Paragon Active Assurance

Parallels Desktop

Parallels Desktop

Parquet

Partner Center

Password Manager Pro

Patch for Configuration Manager

Patch-Tuesday

Patch-Tuesday

Path-Tuesday

PayPal

PerfMonitor 2

pgAdmin

PgBouncer

pgvector

phishing

Phishing Microsoft

Photos

Photoshop

PHP

PikaBot

Pixel

Pixels

Platform

plesk

Plex Media Server

Pluggable Authentication Modules framework

plugin

PoC

Policy Secure

Policy Secure Gateways

Poste Italiane

PostgreSQL

Potentially Exploitable

Power Pages

PowerLogic

Premier Pro

Premiere Pro

Premiere Pro

PrestaShop

Presto File Client

Privileged Remote Access

Privileged Remote Access

ProFTPD

Progress

Progress Software

Progress Software

Project RedPenguin

Proofpoint

protobufjs

Protocol Buffers

PTX Series

Pulse Connect Secure

PuTTy

PyCharm

PyPI

Python

PyTorch

Qfiling

Qfinder Pro

Qlik

Qlik Sense Enterprise

QNAP

Qsync Central

QTS

QTS QuTS hero

Qualcomm

Quishing

QuLog Center

QuMagie

QuRouter

QuTS hero

QuTScloud

QVPN Device Client

R

R.V.R Elettronica

R7000

RaaS

Ransomware

RARLAB

RAT

RAX30

RCE

Rclone

React Native Community

ReactServerComponents

Reader

Realtek

Recovery Orchestrator

RecoveryPointforVirtualMachines

Red Hat

RedHat

Redis

Regione Toscana

reGorg

regreSSHion

Remote Support

Remote Support

Replication Service

Revit

Rexml

Rhadamantys

RISK:STATION

Rooms

Rooms Client

Rooms Client

Rooms Controller

RoundCube

Router

Rsync

Ruby

RubyGems

Rufus

Runtime UI

Rust

RustFS

Safari

SailPoint

Salesforce

SambaSpy

saml

Samsung

SAP

SAPSetup

SCADAPack

Scam

Schneider Electric

Schneider Electric

ScreenConnect

SD WAN

SD-WAN

Secure Access

Secure Access Client

Secure client

Secure Email and Web Manager

Secure Email Gateway

Secure Email Gateway

Secure Endpoint

Secure Firewall

Secure Firewall Management Center

Secure Firewall Threat Defense Virtual

Secure Gateway

SecureSphere

Security Director

Security Gateways

Security Patch Day

Security router

Security Verify Access

SecurityCenter

SEM

Sentry

Serv-U

Serv-U

Server

Service Provider Console

Service Tags

ServiceNow

ShadowV2

Shai-Halud

ShareFile

SharePoint

SICAM

Siemens

Signal

Silicon Labs

SimpleHelp

Simulate

SINEC INS

SiPass Integrated

Sitecore

Sitefinity

Siveillance Video

SMA 100

SMA100

SMA1000

Smart Software Manager

Smart Software Manager On-Prem

SmarterMail

SmarterTool

SmarterTools

SMB

Smishing

Snort Rule

Social Engineering

SolarWinds

Sondaggio

SonicOS

SonicWall

Sophos

Sourcetree

Spear Phishing

SpearPhishing

Splunk

Splunk Cloud Platform

Splunk Enterprise

SplunkMCPServer

Spoofing

Spring

Spring Framework

Spring Security

SpringAI

SpringCloudConfig

Squid

SSL VPN

SSL-VPN

Stampanti multifunzione

Stork

strongSwan

Struts

Substance 3D Designer

Substance 3D Modeler

Substance 3D Painter

Substance 3D Painter

Substance 3D Sampler

Substance 3D Stager

Substance 3D Stager

Substance 3D Viewer

Substance3DModeler

Substance3DPainter

Substance3DStager

Substance3DViewer

Sudo

Superset

supply chain attack

Suricata

Surveillance Station

Symantec

SymDiag

Symfony

Syncope

Synology

systeminformation

Tableau

Takeover

TARmageddon

Teamcity

TeamPCP

Tecnomatix Plant Simulation

Telco Cloud Infrastructure

Telco Cloud Platform

Telegram

TelePresence

Telerik Report Server

Telerik Reporting

Telnet

Telnyx

Tempo

Tenable

Tenable Patch Management

Tenda

Thales

ThreadHijacking

Thuderbird ESR

Thunderbird

Thunderbird ESR

Thunderbird ESR

ThunderKitty

TIM

Tinyproxy

TMEE PolicyServer

Tomcat

Tools

Total Security

ToxicPanda

TP-Link

Traffic Server

Transfer

Trellix

Trend Micro

Trend Micro

Trenitalia

TrioFox

Triton Inference Server

trojan

TrueConf

tvOS

TwonkyServer

Typo3

Ubiquiti

UDisks

UDP

UEFI

UI Macros

UIWS

Unified CM IM&P

Unified Communications Manager

Unified Communications Manager SME

Unified Intelligence Center

Unity Connection

Unity Connection

Unix

Update Server

uri gem

vCenter Server

vCenter Server

Veeam

Velocity License Server

VenomStealer

Vercel

Verify Identity Access

Versalink

Video SDK

Video Station

Vigor

Vijeo Designer

Vim

Violazione codice della strada

Virtual Apps and Desktops

Virtual Apps and Desktops

Virtual Delivery Agent

Virtual Traffic Manager

Vishing

visionOS

Visual Composer Framework

VLTrader

vm2

VMWare

VMware Aria Automation

VMware Cloud Foundation

VMware SD-WAN Orchestrator

VMware Tools

VNC

VPN

VSPC

vSphere

Vulnerabilità

WAF

Warlock

WatchGuard

watchOS

Wazuh

Web Dispatcher

Web Help Desk

Web Help Desk

Web Security Services

Webex

Webex Calling Dedicated Instance

Webex Meetings

WebHelpDesk

WebKit

Webmail

WFBS

WFBSS

Wget2

Whatsapp

WhatsUp Gold

WhatsUp Gold

WHD

WHM

WiFi

WildFly

Windmill

Windows

Windows Admin Center

Windows Server

Wing FTP Server

WinRAR

Wireless Access Point

WithSecure

WLCAireOS

WordPress

Workplace

Workspace

Workspace ONE UEM

Workstation

Workstation Cloud

Workstation Pro

WP2

WSUS

X.Org

Xcode

XenServer

Xerox

XR1000

XR1000v2

Xserver

XSRF

Xwayland

XWiki

XWorm

XZ Utils

Yara Rule

yiiframework

YouTrack

Zabbix

Zammad

ZCS

zero-day

Zigbee

Zimbra

Zimbra Collaboration Suite

Zlib

Zoho

Zoom

ZTA Gateway

ZTA Gateways

ZTA Gateways

Zyxel