CVE
CVE-2025-22228
Spring Security Does Not Enforce Password Length
BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same.
Endor Patches
Patch Name
Vulnerabilities fixed
Lines of Code Changed