CVE-2022-22963

KEV EPSS 94.46% · P100 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-22963

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

对生成代码的控制不恰当(代码注入)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Spring Framework 代码注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Spring Framework是美国Spring团队的一套开源的Java、JavaEE应用程序框架。该框架可帮助开发人员构建高质量的应用。 Spring Framework 存在代码注入漏洞。目前暂无该漏洞信息，请随时关注CNNVD或厂商公告。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	Spring Cloud Function	Spring Cloud Function versions 3.1.6, 3.2.2 and all old and unsupported versions	-

II. Public POCs for CVE-2022-22963

#	POC Description	Source Link	Shenlong Link
1	spring-cloud / spring-cloud-function,spring.cloud.function.routing-expression,RCE,0day,0-day,POC,EXP,CVE-2022-22963	https://github.com/hktalent/spring-spel-0day-poc	POC Details
2	CVE-2022-22963 PoC	https://github.com/dinosn/CVE-2022-22963	POC Details
3	CVE-2022-22963 Spring-Cloud-Function-SpEL_RCE_exploit	https://github.com/RanDengShiFu/CVE-2022-22963	POC Details
4	None	https://github.com/darryk10/CVE-2022-22963	POC Details
5	None	https://github.com/Kirill89/CVE-2022-22963-PoC	POC Details
6	{ Spring Core 0day CVE-2022-22963 }	https://github.com/stevemats/Spring0DayCoreExploit	POC Details
7	None	https://github.com/puckiestyle/CVE-2022-22963	POC Details
8	Spring Cloud Function Vulnerable Application / CVE-2022-22963	https://github.com/me2nuk/CVE-2022-22963	POC Details
9	This includes CVE-2022-22963, a Spring SpEL / Expression Resource Access Vulnerability, as well as CVE-2022-22965, the spring-webmvc/spring-webflux RCE termed "SpringShell".	https://github.com/kh4sh3i/Spring-CVE	POC Details
10	POC for CVE-2022-22963	https://github.com/AayushmanThapaMagar/CVE-2022-22963	POC Details
11	Spring Cloud Function SpEL - cve-2022-22963	https://github.com/twseptian/cve-2022-22963	POC Details
12	CVE-2022-22963 research	https://github.com/SealPaPaPa/SpringCloudFunction-Research	POC Details
13	None	https://github.com/G01d3nW01f/CVE-2022-22963	POC Details
14	Spring Cloud Function SPEL表达式注入漏洞（CVE-2022-22963）	https://github.com/k3rwin/spring-cloud-function-rce	POC Details
15	None	https://github.com/75ACOL/CVE-2022-22963	POC Details
16	None	https://github.com/dr6817/CVE-2022-22963	POC Details
17	None	https://github.com/iliass-dahman/CVE-2022-22963-POC	POC Details
18	spring cloud function 一键利用工具! by charis 博客https://charis3306.top/	https://github.com/charis3306/CVE-2022-22963	POC Details
19	CVE-2022-22963 RCE PoC in python	https://github.com/lemmyz4n3771/CVE-2022-22963-PoC	POC Details
20	CVE-2022-22963 is a vulnerability in the Spring Cloud Function Framework for Java that allows remote code execution. This python script will verify if the vulnerability exists, and if it does, will give you a reverse shell.	https://github.com/J0ey17/CVE-2022-22963_Reverse-Shell-Exploit	POC Details
21	None	https://github.com/Mustafa1986/CVE-2022-22963	POC Details
22	Rust-based exploit for the CVE-2022-22963 vulnerability	https://github.com/SourM1lk/CVE-2022-22963-Exploit	POC Details
23	None	https://github.com/randallbanner/Spring-Cloud-Function-Vulnerability-CVE-2022-22963-RCE	POC Details
24	Binaries for CVE-2022-22963	https://github.com/gunzf0x/CVE-2022-22963	POC Details
25	Exploit for CVE-2022-22963 remote command execution in Spring Cloud Function	https://github.com/nikn0laty/RCE-in-Spring-Cloud-CVE-2022-22963	POC Details
26	An exploit for the CVE-2022-22963 (Spring Cloud Function Vulnerability)	https://github.com/HenriVlasic/Exploit-for-CVE-2022-22963	POC Details
27	This is a POC for CVE-2022-22963	https://github.com/BearClaw96/CVE-2022-22963-Poc-Bearcules	POC Details
28	CVE-2022-22963-poc	https://github.com/xmqaq/CVE-2022-22963	POC Details
29	None	https://github.com/jrbH4CK/CVE-2022-22963	POC Details
30	An exploit for the CVE-2022-22963 (Spring Cloud Function Vulnerability)	https://github.com/HenriV-V/Exploit-for-CVE-2022-22963	POC Details
31	CVE to CTF FP	https://github.com/Shayz614/CVE-2022-22963	POC Details
32	Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions are susceptible to remote code execution vulnerabilities. When using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-22963.yaml	POC Details
33	None	https://github.com/Threekiii/Awesome-POC/blob/master/%E5%BC%80%E5%8F%91%E6%A1%86%E6%9E%B6%E6%BC%8F%E6%B4%9E/Spring%20Cloud%20Function%20SpEL%E8%A1%A8%E8%BE%BE%E5%BC%8F%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%20CVE-2022-22963.md	POC Details
34		https://github.com/vulhub/vulhub/blob/master/spring/CVE-2022-22963/README.md	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-22963

请登录查看更多情报信息。

Same Patch Batch · n/a · 2022-04-01 · 32 CVEs total

CVE-2022-25017	9.1 CRITICAL	Hitron Technologies CHITA Router Firmware 操作系统命令注入漏洞
CVE-2022-21235	8.1 HIGH	Command Injection
CVE-2022-24440	8.1 HIGH	Command Injection
CVE-2022-21223	8.1 HIGH	Command Injection
CVE-2022-24066	8.1 HIGH	Command Injection
CVE-2022-22950		Vmware Spring Framework 安全漏洞
CVE-2021-23247		quick game engine 命令注入漏洞
CVE-2021-32503		SICK FieldEcho 资源管理错误漏洞
CVE-2021-3461		Red Hat Keycloak代码问题漏洞
CVE-2021-20295		Red Hat Enterprise Linux 缓冲区错误漏洞
CVE-2021-27223		Kaspersky Anti-Virus安全漏洞
CVE-2022-27534		Kaspersky Anti-Virus 安全漏洞
CVE-2022-25155		Mitsubishi Electric MELSEC iQ-F series 授权问题漏洞
CVE-2022-25156		Mitsubishi Electric MELSEC iQ-F series 加密问题漏洞
CVE-2022-25157		Mitsubishi Electric MELSEC iQ-F series 授权问题漏洞
CVE-2022-25159		Mitsubishi Electric MELSEC iQ-F series 安全漏洞
CVE-2022-25158		Mitsubishi Electric MELSEC iQ-F series 安全漏洞
CVE-2022-25160		Mitsubishi Electric Factory Automation 安全漏洞
CVE-2022-22965		Spring Framework 代码注入漏洞
CVE-2021-3847		Linux kernel 安全漏洞

Showing top 20 of 32 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Spring Cloud Function

CVE-2022-22979
Spring Cloud 安全漏洞

Same vendor: n/a

Same weakness: CWE-94

V. Comments for CVE-2022-22963

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-22963

I. Basic Information for CVE-2022-22963

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2022-22963

III. Intelligence Information for CVE-2022-22963

Same Patch Batch · n/a · 2022-04-01 · 32 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-22963

Leave a comment