CVE-2025-22234

Medium CVSS: 5.3

The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations.

Vendor

Product

CWE

CWE-208

Yayın Tarihi

2026-01-22 21:15:49

Güncelleme

2026-01-26 15:04:14

Source Identifier

security@vmware.com

KEV Date Added

Kategoriler

CWE-208 MEDIUM 2026

Referanslar

https://spring.io/security/cve-2025-22234/