CVE-2025-22234 | Spring Security up to 6.4.4 DaoAuthenticationProvider timing discrepancy

Inserito da Angelo Barbosa | Gen 23, 2026 | CVE

A vulnerability was found in Spring Security up to 6.4.4. It has been rated as problematic. This issue affects some unknown processing of the component DaoAuthenticationProvider. Performing a manipulation results in observable timing discrepancy.

This vulnerability is cataloged as CVE-2025-22234. It is possible to initiate the attack remotely. There is no exploit available.

Upgrading the affected component is advised.

CVE-2025-22234 | Spring Security up to 6.4.4 DaoAuthenticationProvider timing discrepancy

Post correlati

CVE-2024-1349 | EmbedPress Plugin up to 3.9.8 on WordPress Shortcode cross site scripting

CVE-2025-5984 | SourceCodester Online Student Clearance System 1.0 /Admin/add-fee.php txtamt cross site scripting

CVE-2025-40670 | TCMAN GIM 11 POST Request updateUser authorization

CVE-2024-43164 | Blockspare Plugin up to 3.2.0 on WordPress cross site scripting