A vulnerability (CVE-2025-22234) in various Spring Security versions allows attackers to use timing attacks to determine which usernames are valid, undermining defenses against user enumeration. Affected versions include 5.7.16 and 6.4.4. Mitigations include upgrading to patched versions or seeking commercial support. The flaw, discovered by Jonas Robl, is rated Medium severity. Patches are available via HeroDevs’ support.

Critical Microsoft Telnet 0-Click Vulnerability Exposes Windows Credentials
A critical vulnerability in Microsoft Telnet Server allows remote attackers to bypass authentication entirely, gaining administrative access without credentials. Affecting legacy Windows systems (2000 through