Symantec DLP and CVE-2025-22228

Article ID: 430578

Products

Data Loss Prevention Core Package

Issue/Introduction

A vulnerability scan reports the following when scanning RHEL DLP detection servers:

CVE-2025-22228
Path :/DataLossPrevention/ServerPlatformCommon/<version>/Protect/lib/jar/spring-security-core-5.8.3.jar
Fixed version : 5.8.18

Environment

Symantec Data Loss Prevention 16.x and 16.1.x

RHEL detection servers

Resolution

DLP is not impacted by CVE-2025-22228.

DLP does not use BCrypt. The Spring framework class 'BCryptPasswordEncoder' is not used by DLP source code. The vulnerability cannot be triggered via operation of the DLP software.
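
An added example, not Broadcom's or the DLP product's own tooling: one way to check the statement above on an installation is to search the deployed jars (including nested archives and bundled configuration files) for static references to BCryptPasswordEncoder. The sample jar and the com/example names are constructed for illustration.

```python
import io
import sys
import zipfile
from pathlib import Path

CLASS_NAME = "org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"
INTERNAL = CLASS_NAME.replace(".", "/").encode()  # form stored in .class constant pools
DOTTED = CLASS_NAME.encode()                      # form used in XML/properties/reflection strings
CONFIG_SUFFIXES = (".xml", ".properties", ".yml", ".yaml")

def scan_jar(data, label):
    """Return sorted 'jar!entry' names that mention the class (static references only)."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []  # unreadable archive: nothing to report
    hits = []
    own = INTERNAL.decode()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name, body = info.filename, zf.read(info)
            if name.endswith((".jar", ".war")):
                hits += scan_jar(body, f"{label}!{name}")  # nested archive
            elif name.endswith(".class"):
                is_own = name.endswith(own + ".class") or own + "$" in name  # the encoder itself
                if not is_own and (INTERNAL in body or DOTTED in body):
                    hits.append(f"{label}!{name}")
            elif name.endswith(CONFIG_SUFFIXES) and DOTTED in body:
                hits.append(f"{label}!{name}")
    return sorted(hits)

def scan_tree(root):
    """Scan every .jar below root, for example the Protect/lib/jar directory."""
    return [hit for jar in sorted(Path(root).rglob("*.jar"))
            for hit in scan_jar(jar.read_bytes(), str(jar))]

def build_sample_jar():
    """Constructed sample: in-memory jar with stand-in (not loadable) class bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(INTERNAL.decode() + ".class", b"\xca\xfe\xba\xbe" + INTERNAL)
        zf.writestr("com/example/Login.class", b"\xca\xfe\xba\xbe\x00" + INTERNAL)
        zf.writestr("com/example/Report.class", b"\xca\xfe\xba\xbe\x00java/lang/String")
        zf.writestr("META-INF/beans.xml", b'<bean class="' + DOTTED + b'"/>')
    return buf.getvalue()

if __name__ == "__main__":
    demo = len(sys.argv) < 2  # no path given: scan the constructed sample
    found = scan_jar(build_sample_jar(), "sample.jar") if demo else scan_tree(sys.argv[1])
    print("\n".join(found) or "no references found")
```

Run it with the jar directory as the argument. Hits inside org/springframework packages are the library referring to its own class, while hits in application packages or configuration files are the ones to review; a byte search only finds static references, so a class name assembled at run time would not appear.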