Apache CXF and Spring Framework Application Vulnerabilties
Article ID: 410348
Updated On:
Products
CA API Gateway
Issue/Introduction
Apache CXF < 3.6.8 / 4.x < 4.0.9 / 4.1.x < 4.1.3 RCE (CVE-2025-48913) CVE-2025-48913
Spring Framework 5.3.x < 5.3.44 / 6.1.x < 6.1.22 / 6.2.x < 6.2.10 Path Traversal (CVE-2025-41242) CVE-2025-41242
Environment
API Gateway 11.1.2
Resolution
These application vulnerabilities will be fixed in Gateway 11.2 (tentative release end of October or November 2025).
Feedback
Yes
No
Powered by
