CVE-2025-41254 | VMware Spring Framework up to 5.3.45/6.0.29/6.1.23/6.2.11 STOMP over WebSocket cross-site request forgery (WID-SEC-2025-2320)

A vulnerability was found in VMware Spring Framework up to 5.3.45/6.0.29/6.1.23/6.2.11. It has been rated as problematic. Affected is an unknown function of the component STOMP over WebSocket. The manipulation leads to cross-site request forgery.

This vulnerability is documented as CVE-2025-41254. The attack can be initiated remotely. There is not any exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More