A serious information-exposure vulnerability (CVE-2025-22234) affects several versions of the spring-security-crypto package. The flaw lets attackers determine valid usernames through timing attacks, undermining a key security feature designed to prevent user enumeration. The vulnerability affects Spring Security versions 5.7.16, 5.8.18, 6.0.16, 6.1.14, 6.2.10, 6.3.8, and 6.4.4. Patches are now available through […]
The post Spring Security Vulnerability Let Attackers Determine Which Usernames are Valid appeared first on Cyber Security News.