| Name | CVE-2025-41243 | 
| Description | Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification.  An application should be considered vulnerable when all the following are true:    *  The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable).   *  Spring Boot actuator is a dependency.   *  The Spring Cloud Gateway Server Webflux actuator web endpoint is enabled via management.endpoints.web.exposure.include=gateway.   *  The actuator endpoints are available to attackers.   *  The actuator endpoints are unsecured. | 
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |