CVE-2025-22228

Sažetak

BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.

Reference

https://spring.io/security/cve-2025-22228
https://security.netapp.com/advisory/ntap-20250425-0009/

CVSS

Base:	7.4
Impact:	5.2
Exploitability:	2.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Zadnje važnije ažuriranje

25-04-2025 - 23:15

Objavljeno

20-03-2025 - 06:15