A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is in the KEV database since April 4, 2022.

The EPSS score is 0.94428.

Exploitation active

Automatable yes

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
n/a Spring Framework affected
Version Status Constraints
Spring Framework versions 5.3.X prior to 5.3.18+, 5.2.x prior to 5.2.20+ and all old and unsupported versions affected

Configuration 1 [-]

AND
OR cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:cisco:cx_cloud_agent:*:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*
cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*
cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*
cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_flex_scale_appliance:2.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_flex_scale_appliance:3.0:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_speech_assistant_for_machines:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_network_management_system:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*

Configuration 7 [-]

OR cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
CEQ 2.2.1-1 (CVE-2022-22965)
spring-beans cpe:/a:redhat:camel_quarkus:2.2.1 RHSA-2022:1306 2022-04-11T00:00:00Z
Red Hat AMQ 7.8.6
spring-webmvc cpe:/a:redhat:amq_broker:7 RHSA-2022:1626 2022-04-27T00:00:00Z
Red Hat AMQ 7.9.4
spring-webmvc cpe:/a:redhat:amq_broker:7 RHSA-2022:1627 2022-04-27T00:00:00Z
Red Hat Fuse 7.10.2
spring-webmvc cpe:/a:redhat:jboss_fuse:7 RHSA-2022:1360 2022-04-13T00:00:00Z
RHDM 7.12.1 async
spring-webmvc cpe:/a:redhat:jboss_enterprise_brms_platform:7.12 RHSA-2022:1379 2022-04-14T00:00:00Z
RHINT Camel-K 1.6.5
spring-beans cpe:/a:redhat:integration:1 RHSA-2022:1333 2022-04-12T00:00:00Z
RHPAM 7.12.1 async
spring-webmvc cpe:/a:redhat:jboss_enterprise_bpms_platform:7.12 RHSA-2022:1378 2022-04-14T00:00:00Z

No data.

Project Subscriptions

Vendors Products
Cisco Subscribe
Cx Cloud Agent Subscribe
Oracle Subscribe
Commerce Platform Subscribe
Communications Cloud Native Core Automated Test Suite Subscribe
Communications Cloud Native Core Binding Support Function Subscribe
Communications Cloud Native Core Console Subscribe
Communications Cloud Native Core Network Exposure Function Subscribe
Communications Cloud Native Core Network Function Cloud Native Environment Subscribe
Communications Cloud Native Core Network Repository Function Subscribe
Communications Cloud Native Core Network Slice Selection Function Subscribe
Communications Cloud Native Core Policy Subscribe
Communications Cloud Native Core Security Edge Protection Proxy Subscribe
Communications Cloud Native Core Unified Data Repository Subscribe
Communications Policy Management Subscribe
Communications Unified Inventory Management Subscribe
Financial Services Analytical Applications Infrastructure Subscribe
Financial Services Behavior Detection Platform Subscribe
Financial Services Enterprise Case Management Subscribe
Jdk Subscribe
Mysql Enterprise Monitor Subscribe
Product Lifecycle Analytics Subscribe
Retail Bulk Data Integration Subscribe
Retail Customer Management And Segmentation Foundation Subscribe
Retail Financial Integration Subscribe
Retail Integration Bus Subscribe
Retail Merchandising System Subscribe
Retail Xstore Point Of Service Subscribe
Sd-wan Edge Subscribe
Weblogic Server Subscribe
Redhat Subscribe
Amq Broker Subscribe
Camel Quarkus Subscribe
Integration Subscribe
Jboss Enterprise Bpms Platform Subscribe
Jboss Enterprise Brms Platform Subscribe
Jboss Fuse Subscribe
Siemens Subscribe
Operation Scheduler Subscribe
Simatic Speech Assistant For Machines Subscribe
Sinec Network Management System Subscribe
Sipass Integrated Subscribe
Siveillance Identity Subscribe
Veritas Subscribe
Access Appliance Subscribe
Flex Appliance Subscribe
Netbackup Appliance Subscribe
Netbackup Flex Scale Appliance Subscribe
Netbackup Virtual Appliance Subscribe
Vmware Subscribe
Spring Framework Subscribe
Advisories
Source ID Title
Github GHSA Github GHSA GHSA-36p3-wjmg-h94x Remote Code Execution in Spring Framework
Ubuntu USN Ubuntu USN USN-7165-1 Spring Framework vulnerability
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html cve-icon cve-icon
http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html cve-icon cve-icon
https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-22965 cve-icon
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005 cve-icon cve-icon
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement cve-icon
https://tanzu.vmware.com/security/cve-2022-22965 cve-icon cve-icon cve-icon
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 cve-icon cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22965 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-22965 cve-icon
https://www.cyberkendra.com/2022/03/spring4shell-details-and-exploit-code.html cve-icon
https://www.kb.cert.org/vuls/id/970766 cve-icon
https://www.oracle.com/security-alerts/cpuapr2022.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujul2022.html cve-icon cve-icon
https://www.praetorian.com/blog/spring-core-jdk9-rce/ cve-icon
History

Wed, 22 Oct 2025 00:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 19:30:00 +0000

Type Values Removed Values Added
References

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.94464}

 epss

{'score': 0.94487}

Wed, 29 Jan 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2022-04-04'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Fri, 18 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Oracle jdk
CPEs cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*
Vendors & Products Oracle jdk

Wed, 14 Aug 2024 01:00:00 +0000

Type Values Removed Values Added
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2025-10-21T23:15:42.792Z

Reserved: 2022-01-10T00:00:00.000Z

Link: CVE-2022-22965

cve-icon Vulnrichment

Updated: 2024-08-03T03:28:42.725Z

cve-icon NVD

Status : Analyzed

Published: 2022-04-01T23:15:13.870

Modified: 2025-10-30T19:56:43.110

Link: CVE-2022-22965

cve-icon Redhat

Severity : Important

Publid Date: 2022-03-30T00:00:00Z

Links: CVE-2022-22965 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses