Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2022-22965
Published
- Vendor
- VMware
- Product
- Spring Framework
- Published
- Apr 01, 2022
- EPSS
- 94.4% · 100% pctl
Description
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitation status
Exploited in the wild
Recorded 2022-04-04 00:00:00 UTC
SSVC decision points
- Exploitation
- active
- Automatable
- Yes
- Technical impact
- total
References
- https://tanzu.vmware.com/security/cve-2022-22965
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005
- http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf
- https://www.oracle.com/security-alerts/cpujul2022.html
- http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Apr 04, 2022 |
| The Shadowserver (via CIRCL) | May 31, 2026 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/spring_framework_rce_spring4shell.rb | Apr 28, 2025 |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-22965.yaml | Apr 25, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2023-06-20 11:45:29 UTC · 2 stars
PoC and exploit for CVE-2022-22965 Spring4Shell
github · Created 2022-12-28 04:50:16 UTC · 100 stars
CVE-2022-22965\Spring-Core-RCE: one-click graphical (GUI) exploitation tool for this nuke-level RCE vulnerability, built with JavaFX; graphical operation is simpler and more efficient.
github · Created 2022-11-08 13:45:35 UTC · 4 stars
CVE-2022-22965 graphical detection tool
github · Created 2022-07-05 03:03:31 UTC · 2 stars
EXP for Spring4Shell(CVE-2022-22965)
github · Created 2022-04-27 07:57:50 UTC · 3 stars
github · Created 2022-04-23 09:01:22 UTC · 5 stars
github · Created 2022-04-12 14:59:42 UTC · 21 stars
spring4shell | CVE-2022-22965
github · Created 2022-04-07 15:26:15 UTC · 3 stars
github · Created 2022-04-07 02:30:26 UTC · 6 stars
CVE-2022-22965 pocsuite3 POC
github · Created 2022-04-07 00:08:16 UTC · 102 stars
Spring Framework RCE (CVE-2022-22965) Nmap (NSE) Checker (Non-Intrusive)
github · Created 2022-04-05 20:34:36 UTC · 2 stars
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
github · Created 2022-04-04 20:16:06 UTC · 3 stars
Another spring4shell (Spring core RCE) POC
github · Created 2022-04-04 13:44:39 UTC · 7 stars
CVE-2022-22965 (Spring4Shell) Proof of Concept
github · Created 2022-04-03 06:43:07 UTC · 15 stars
Docker PoC for CVE-2022-22965 with Spring Boot version 2.6.5
github · Created 2022-04-02 09:13:54 UTC · 13 stars
CVE-2022-22965\Spring-Core-RCE: one-click RCE exploit for a nuke-level vulnerability comparable to Apache Log4j2
github · Created 2022-04-01 13:35:01 UTC · 13 stars
Spring Framework RCE via Data Binding on JDK 9+ / spring4shell / CVE-2022-22965
github · Created 2022-04-01 12:37:32 UTC · 11 stars
Spring4Shell (CVE-2022-22965)
github · Created 2022-04-01 07:55:26 UTC · 37 stars
Batch non-intrusive detection of CVE-2022-22965
github · Created 2022-04-01 04:51:44 UTC · 75 stars
SpringFramework remote code execution vulnerability CVE-2022-22965
github · Created 2022-03-31 19:19:52 UTC · 13 stars
CVE-2022-22965 poc including reverse-shell support
github · Created 2022-03-31 18:09:58 UTC · 2 stars
github · Created 2022-03-31 16:58:56 UTC · 44 stars
A Safer PoC for CVE-2022-22965 (Spring4Shell)
github · Created 2022-03-31 16:14:36 UTC · 6 stars
RCE vulnerability in Spring Framework via Data Binding on JDK 9+ (CVE-2022-22965 aka "Spring4Shell")
github · Created 2022-03-31 15:43:06 UTC · 17 stars
Spring Framework RCE (Quick pentest notes)
github · Created 2022-03-31 13:21:49 UTC · 28 stars
github · Created 2022-03-31 02:00:18 UTC · 16 stars
spring-core single-target graphical exploitation tool; CVE-2022-22965 and its fix have been released
Timeline
- CVE ID Reserved
- CVE Published to Public
- Added to KEVIntel
- Detected by Nuclei
- Detected by Metasploit
- Added to KEVIntel