CVE-2025-41243 POC (Proof-of-Concept)

Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification.

An application should be considered vulnerable when all the following are true:

* The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable).
* Spring Boot actuator is a dependency.
* The Spring Cloud Gateway Server Webflux actuator web endpoint is enabled via management.endpoints.web.exposure.include=gateway.
* The actuator endpoints are available to attackers.
* The actuator endpoints are unsecured.

Published: 2025-09-16

CVSS: 10.0

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Download CVE-2025-41243 POC (Proof-of-Concept) here:

http://zeroday4n6aaxjruc5jgvulkdgy4mkioom5g6q7l3nz475a62vmamiyd.onion/exploit-for-cve-2025-41243.767/

Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.

https://connollyfinan.ie/poc-499-cve-2019-0708/

https://connollyfinan.ie/poc-437-cve-2024-5806/

https://connollyfinan.ie/poc-504-cve-2017-3036/

https://connollyfinan.ie/poc-379-cve-2023-3519/