← ExploitWatch
HomeExploited Vulnerabilities

CVE-2022-22965 — Actively Exploited: Spring Framework (VMware)

Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.

CVE IDCVE-2022-22965
VendorVMware
ProductSpring Framework
Vulnerability nameSpring Framework JDK 9+ Remote Code Execution Vulnerability
Date added2022-04-04
Remediation due2022-04-25
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionSpring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →