VMware Spring Boot ApplicationPidFileWriter PID File Symlink Vulnerability

Vulnerability

A vulnerability exists in VMware Spring Boot applications using the ApplicationPidFileWriter. A local attacker with write access to the PID file location can corrupt a file on the host each time the application is started. This issue affects Spring Boot versions 4.0.0 through 4.0.5, 3.5.0 through 3.5.13, 3.4.0 through 3.4.15, 3.3.0 through 3.3.18, and 2.7.0 through 2.7.32. Versions that are no longer supported are also affected.

Impact

Exploitation of this vulnerability leads to the corruption of a file on the host system each time the affected application is started.
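As an added illustration that is not part of this advisory or of Spring Boot's own code, the constructed Python below contrasts the pattern the advisory describes (a PID-file write that follows whatever is already at the path) with a writer that unlinks the stale entry and then creates the file exclusively, so a planted symlink is refused rather than followed. The writer functions, the victim file and all paths are assumptions built in a temporary directory; nothing here reflects how ApplicationPidFileWriter itself is implemented or fixed.

```python
import os
import tempfile

# Constructed example, NOT Spring Boot's ApplicationPidFileWriter; temp paths only.
def naive_write_pid(path: str, pid: int) -> None:
    with open(path, "w") as fh:  # follows a planted symlink: its target gets overwritten
        fh.write(f"{pid}\n")

def open_pid_file_exclusive(path: str) -> int:
    """O_CREAT|O_EXCL fails with EEXIST if any entry (file or symlink, even a
    dangling one) already exists; O_NOFOLLOW is added where available."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.open(path, flags, 0o644)  # FileExistsError on a planted symlink

def safe_write_pid(path: str, pid: int) -> None:
    """Unlink any stale PID file (unlink removes a symlink itself, never its target),
    then create exclusively; a link re-planted in between makes the create fail."""
    try:
        os.unlink(path)
    except FileNotFoundError:
        pass
    fd = open_pid_file_exclusive(path)
    try:
        os.write(fd, f"{pid}\n".encode())
    finally:
        os.close(fd)

def plant(tmp: str) -> tuple:
    """Constructed setup: a victim file plus a PID path that is a symlink to it."""
    victim, pid_file = os.path.join(tmp, "victim.conf"), os.path.join(tmp, "app.pid")
    with open(victim, "w") as fh:
        fh.write("important=1\n")
    os.symlink(victim, pid_file)
    return victim, pid_file

def demo() -> dict:
    with tempfile.TemporaryDirectory() as t1, tempfile.TemporaryDirectory() as t2:
        v1, p1 = plant(t1)
        naive_write_pid(p1, 4242)
        v2, p2 = plant(t2)
        try:                          # the exclusive create must refuse the link
            open_pid_file_exclusive(p2)
            refused = False
        except FileExistsError:
            refused = True
        safe_write_pid(p2, 4242)      # unlinks the link, then creates a real file
        return {"naive_victim": open(v1).read(), "safe_victim": open(v2).read(),
                "refused_link": refused, "safe_pid_is_link": os.path.islink(p2),
                "safe_pid": open(p2).read()}
```

The worst case for the exclusive writer is a refused start, which is the failure mode a defender wants to see in the application log rather than a silently rewritten file.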

Remediation

Users should upgrade to Spring Boot versions 4.0.6, 3.5.14, 3.4.16 (Enterprise Support Only), 3.3.19 (Enterprise Support Only), or 2.7.33 (Enterprise Support Only).

Added: Apr 28, 2026, 12:28 AM
Updated: Apr 28, 2026, 12:28 AM

Vulnerability Rating

Custom Algorithm
spread: 7.6
impact: 0.8
exploitability: 4.0
remediation: 7.7
relevance: 6.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.