A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware’s Spring Framework has been patched, affecting multiple versions of the widely used Java framework.
The flaw enables attackers to execute malicious code by exploiting improperly configured Content-Disposition headers in a web application.
https://gbhackers.com/spring-framework-flaw/