Key Information

CVE ID: CVE-2025-41248
Vulnerability Type: Spring Security authorization bypass for method security annotations on parameterized types
Severity: MEDIUM
Release Date: September 15, 2025

Description:
- The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies that include a parameterized super type with unbounded generics.
- This can lead to issues when using and other method security annotations, potentially resulting in an authorization bypass.

Affected Products and Versions:
- Spring Security:
  - 6.4.0 - 6.4.9
  - 6.5.0 - 6.5.3

Mitigation:
- Follow the mitigation steps outlined in CVE-2025-41249.
- Upgrade to the corresponding fixed version:

Discoverer: An anonymous individual

Reference Links: NVD
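
A reflective audit for the hierarchy shape the description names, as an added example (not Spring's code and not part of the advisory): it lists methods whose only security annotation is declared on a parameterized supertype, so they can be reviewed. `Guarded`, `Repo` and `UserRepo` are hypothetical stand-ins so the block runs without Spring on the classpath, and matching by name and arity is a conservative assumption.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class GenericAnnotationAudit {
    // Hypothetical stand-in for a method security annotation (assumption, not a Spring type).
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface Guarded { String value(); }

    // Constructed sample hierarchy: the annotation lives only on the generic supertype.
    interface Repo<T> { @Guarded("hasRole('ADMIN')") void save(T entity); }
    static class UserRepo implements Repo<String> {
        @Override public void save(String entity) { }
    }

    // Collect every superclass and interface of c, transitively.
    static void supertypes(Class<?> c, Set<Class<?>> out) {
        if (c == null || c == Object.class || !out.add(c)) return;
        supertypes(c.getSuperclass(), out);
        for (Class<?> i : c.getInterfaces()) supertypes(i, out);
    }

    // Methods of cls that are unannotated themselves but override an annotated
    // method declared in a supertype that has type parameters.
    static List<String> findings(Class<?> cls) {
        Set<Class<?>> supers = new LinkedHashSet<>();
        supertypes(cls, supers);
        supers.remove(cls);
        List<String> hits = new ArrayList<>();
        for (Method m : cls.getDeclaredMethods()) {
            if (m.isBridge() || m.isSynthetic() || m.isAnnotationPresent(Guarded.class)) continue;
            for (Class<?> s : supers) {
                if (s.getTypeParameters().length == 0) continue; // only parameterized supertypes
                for (Method sm : s.getDeclaredMethods()) {
                    // Name and arity only: erased parameter types differ (T becomes Object).
                    if (sm.isAnnotationPresent(Guarded.class) && sm.getName().equals(m.getName())
                            && sm.getParameterCount() == m.getParameterCount()) {
                        hits.add(cls.getSimpleName() + "." + m.getName() + " relies on "
                                + s.getSimpleName() + "." + sm.getName());
                    }
                }
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        findings(UserRepo.class).forEach(System.out::println);
    }
}
```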