Overview
Spring Security is a comprehensive Java security framework for securing enterprise-level applications. It provides a powerful, flexible programming model that simplifies the development of secure applications by allowing you to manage authentication, authorization, and other security concerns with ease. Spring Security integrates seamlessly with the Spring Framework, offering robust tools for configuring access controls, managing user roles, and protecting resources, all while allowing Java to be your primary language for application development.
An Information Exposure vulnerability (CVE-2025-22234) has been identified in spring-security-crypto, part of Spring Security. It broke the timing attack mitigation in DaoAuthenticationProvider.
Attackers can use login response times to determine which usernames are valid: a valid username typically results in a longer response because a password hash is checked, whereas an invalid username returns faster because no check is performed. Spring Security mitigates this by always performing a password check, against a dummy hash when the user does not exist, so that both paths take approximately the same time.
This issue affects multiple versions of Spring Security’s spring-security-crypto package.
Details
Module Info
- Product: Spring Security
- Affected packages: spring-security-crypto
- Affected versions: =5.7.16, =5.8.18, =6.0.16, =6.1.14, =6.2.10, =6.3.8, =6.4.4
- Project page: https://spring.io/projects/spring-security
- Published packages: https://central.sonatype.com/artifact/org.springframework.security/spring-security-crypto
- Package manager: Maven
- Fixed In: NES for Spring Security v5.7.18 and v5.8.21
Vulnerability Info
The Spring team recently patched CVE-2025-22228, which addressed an issue in spring-security-crypto. That fix changed BCryptPasswordEncoder so that a password longer than 72 characters (bcrypt's input limit is 72 bytes, i.e. 72 characters for ASCII passwords) now causes it to throw an exception. This broke the timing attack mitigation implemented in DaoAuthenticationProvider: when the encoder is BCrypt and a login request carries a password longer than 72 characters, the exception changes the observable behavior of the attempt. An attacker could potentially use this to learn which password encoder is in use, or to measure user lookup time and so distinguish valid from invalid usernames.
The patched releases restore the previous consistent behavior for long passwords. Downgrading to a release that predates the CVE-2025-22228 fix is not a mitigation, since it would reintroduce that vulnerability.
Steps To Reproduce
1. Set up a vulnerable version of Spring Security.
   - Configure authentication to use DaoAuthenticationProvider with BCryptPasswordEncoder.
2. Validate timing consistency with a password shorter than 72 characters.
   - Verify that an invalid username results in a BadCredentialsException, and compare the response time against a valid username with an incorrect password. The two timings should be approximately equivalent, demonstrating the mitigation against timing attacks.
3. Test with a password longer than 72 characters.
   - Attempt to authenticate a valid user with a password longer than 72 characters, then repeat with an invalid username and compare. Observe that, in the vulnerable version, this produces a different exception or behavior because of how BCrypt handles long passwords.
4. Update to the patched version of Spring Security.
   - Upgrade the Spring Security dependency to a version that includes the fix for this CVE.
5. Retest with a long password.
   - Repeat step 3. The behavior now matches that of step 2, with consistent exception handling and response timing, confirming that the patch restores the mitigation against timing attacks.
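The following harness carries out the comparison from the steps above against DaoAuthenticationProvider directly, without a web layer, so the same run exercises both the user-enumeration mitigation described in the Overview and the long-password case. It is an added example, not code from the Spring Security project or from this advisory; the user name, password, sample count and class name are constructed for the example. It uses only public Spring Security APIs available in the affected 5.7 to 6.4 lines (String.repeat needs Java 11 or later).

```java
import java.util.Arrays;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

/**
 * Added example (not Spring Security project code). Times authentication attempts
 * for an unknown user versus a known user with a wrong password, once with a short
 * password and once with a password longer than bcrypt's 72-byte input limit, and
 * reports the exception type raised in each case.
 */
public class TimingCheck {

    // Constructed fixture: a single known user. The hash is computed at startup.
    private static final String KNOWN_USER = "alice";
    private static final String KNOWN_PASSWORD = "correct-horse-battery-staple";
    private static final int SAMPLES = 50;

    public static void main(String[] args) {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        InMemoryUserDetailsManager users = new InMemoryUserDetailsManager(
                User.withUsername(KNOWN_USER)
                        .password(encoder.encode(KNOWN_PASSWORD))
                        .roles("USER")
                        .build());

        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(users);
        provider.setPasswordEncoder(encoder);

        String shortWrong = "wrong-password";     // 14 chars, well under the limit
        String longWrong = "x".repeat(80);        // 80 chars, beyond bcrypt's 72-byte limit

        System.out.println("short password (step 2)");
        report(provider, "nobody", shortWrong);
        report(provider, KNOWN_USER, shortWrong);

        System.out.println("long password, >72 chars (step 3 / step 5)");
        report(provider, "nobody", longWrong);
        report(provider, KNOWN_USER, longWrong);
    }

    /**
     * Runs SAMPLES attempts and prints the median wall-clock time together with the
     * last exception type seen. On a fixed version both rows of a pair should show
     * BadCredentialsException and similar medians; any other RuntimeException, or a
     * clear gap between the rows, is the divergence the advisory describes.
     */
    static void report(DaoAuthenticationProvider provider, String username, String password) {
        long[] nanos = new long[SAMPLES];
        String outcome = "authenticated";
        for (int i = 0; i < SAMPLES; i++) {
            long start = System.nanoTime();
            try {
                provider.authenticate(
                        UsernamePasswordAuthenticationToken.unauthenticated(username, password));
            } catch (AuthenticationException e) {
                outcome = e.getClass().getSimpleName();   // expected path: BadCredentialsException
            } catch (RuntimeException e) {
                outcome = e.getClass().getSimpleName();   // anything else is a behavior difference
            }
            nanos[i] = System.nanoTime() - start;
        }
        Arrays.sort(nanos);   // median is robust to JIT warm-up and GC pauses
        System.out.printf("  user=%-7s len=%-3d outcome=%-28s median=%.1f ms%n",
                username, password.length(), outcome, nanos[SAMPLES / 2] / 1e6);
    }
}
```

Run it once against an affected release and once against a patched one (for example by switching the spring-security-core version in the build) and compare the second pair of rows. The first pair is the control: it should show matching exception types and comparable medians on every version, which is the mitigation the Overview describes. Bcrypt at the default strength takes tens of milliseconds per check, so a missing check on the unknown-user path is visible without any statistical machinery.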
Credit
- Jonas Robl (jonas.robl@sap.com)
Mitigation
Only recent versions of Spring Security are community-supported, and only those versions will receive updates to address this issue. For more information, see here.
Users of the affected components should apply one of the following mitigations:
- Upgrade affected applications to supported versions of Spring Security.
- Leverage a commercial support partner like HeroDevs for post-EOL security support.