Spring Cloud Gateway Server Webflux Environment Variable Exposure Vulnerability

Vulnerability

Certain versions of Spring Cloud Gateway Server Webflux can expose environment variables and system properties to attackers. The issue arises when an admin or untrusted third party uses Spring Expression Language (SpEL) in routes to access these variables. An application is vulnerable if the Spring Cloud Gateway Server Webflux actuator web endpoint is enabled and unsecured, and the actuator endpoints are accessible to attackers.
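The exposure precondition described above can be checked in an application's configuration. The following is an added example, not code from the advisory or from the Spring project: it assumes flat `.properties` syntax, the property names `management.endpoints.web.exposure.include`, `management.endpoints.web.exposure.exclude` and `management.endpoint.gateway.enabled`, and the defaults `health` and `true`. It cannot tell whether the endpoint is secured, so a positive result means the access controls in front of the actuator need review.

```python
# Added example: flags Spring Boot properties that expose the gateway
# actuator endpoint over the web. Sample configurations are constructed.

INCLUDE = "management.endpoints.web.exposure.include"
EXCLUDE = "management.endpoints.web.exposure.exclude"
ENABLED = "management.endpoint.gateway.enabled"

# Constructed sample inputs (not taken from any real deployment).
WEAK_CONFIG = "management.endpoints.web.exposure.include=*\n"
HARDENED_CONFIG = (
    "# expose only what monitoring needs\n"
    "management.endpoints.web.exposure.include=health,info\n"
    "management.endpoint.gateway.enabled=false\n"
)


def parse_properties(text):
    """Parse key=value / key:value lines, skipping blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # Split on whichever separator ('=' or ':') appears first.
        hits = [i for i in (line.find("="), line.find(":")) if i != -1]
        if not hits:
            continue
        idx = min(hits)
        props[line[:idx].strip()] = line[idx + 1:].strip()
    return props


def _ids(value):
    """Turn a comma-separated endpoint list into a lowercase set."""
    return {v.strip().lower() for v in value.split(",") if v.strip()}


def gateway_actuator_exposed(text):
    """True when the gateway endpoint is enabled and web-exposed."""
    props = parse_properties(text)
    # Assumed defaults: only 'health' is web-exposed; gateway is enabled.
    include = _ids(props.get(INCLUDE, "health"))
    exclude = _ids(props.get(EXCLUDE, ""))
    enabled = props.get(ENABLED, "true").lower() != "false"
    listed = bool(include & {"*", "gateway"})
    excluded = bool(exclude & {"*", "gateway"})
    return enabled and listed and not excluded
```
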

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive environment variables and system properties, potentially allowing attackers to manipulate application behavior or access restricted information.

Added: Oct 16, 2025, 3:23 PM
Updated: Oct 16, 2025, 3:35 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.