CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added the recently disclosed remote code execution vulnerability affecting the Spring Framework to its Known Exploited Vulnerabilities Catalog, based on "evidence of active exploitation."
The critical severity flaw, assigned the identifier CVE-2022-22965 and dubbed "Spring4Shell", impacts Spring model-view-controller and Spring WebFlux applications running on Java Development Kit 9 and later.
Although exact details of in-the-wild abuse remain unclear, information security company SecurityScorecard said "Active scanning for this vulnerability has been observed coming from the usual suspects like Russian and Chinese IP space."
Cisco, which is actively investigating its product line-up to determine which products may be impacted by the vulnerability, confirmed that three of its products are affected.
"A malicious actor with network access to an impacted VMware product may exploit this issue to gain full control of the target system," VMware said in the advisory.
Pursuant to the Binding Operational Directive issued by CISA in November 2021, Federal Civilian Executive Branch agencies are required to remediate the identified vulnerabilities by April 25, 2022.
News URL
https://thehackernews.com/2022/04/cisa-warns-of-active-exploitation-of.html
Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK (CVSS score)
---|---|---|---
2022-04-01 | CVE-2022-22965 | Code Injection vulnerability in multiple products: a Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. | 9.8