During a security scan, the spring related medium risk vulnerabilities CVE-2025-41242 and CVE-2025-41249 were flagged on Dollar Universe components.

The spring framework versions delivered on current 7.01.11 and previous versions of Dollar Universe Java components seem to be part of those affected.

Are Dollar Universe components affected by these vulnerabilties? Can they be exploited?

Dollar Universe 7.01.11 and previous versions.

Mitigation:

Nothing to do as Dollar Universe components are not vulnerable to any of these medium cves:

1. https://spring.io/security/cve-2025-41242
   Our products are no war/embedded servlet vulnerable to this.
2. https://spring.io/security/cve-2025-41249
   @EnableMethodSecurity is not used on our products

Solution:

An updated fixed version of spring framework will be included on next version 7.01.21 of the Dollar Universe components, currently planned to be released in July 2026.