Spring Cloud Gateway RCE Explained | Java Crack of the Week #4

Показать описание

In this fourth episode of Java Crack of the Week, we’re diving into the Spring Cloud Gateway RCE (CVE-2022-22947) — a critical vulnerability that allowed remote attackers to inject and execute code through exposed Actuator endpoints.
While it didn’t grab headlines like Spring4Shell, this security flaw was actively exploited in the wild, added to CISA’s Known Exploited Vulnerabilities list, and leveraged by botnets like Sysrv-K to hijack cloud servers for cryptomining.

In this video, you’ll learn:
* What Spring Cloud Gateway is and how it works
* How attackers exploited route filters using SpEL expressions
* Real-world impact: PoCs, federal alerts, and botnet activity
* Live exploit demo using Docker, SpEL, and curl
* How to secure Actuator and prevent this type of misconfiguration

If you’re using Spring Cloud in production, this is an episode you can’t afford to miss.

Like & Subscribe for weekly breakdowns of real Java vulnerabilities.

Chapters
00:00 – Intro & Why This Spring RCE Matters
00:28 – What Is Spring Cloud Gateway?
00:53 – How the Vulnerability Works (SpEL Injection Explained)
01:40 – Real-World Exploits & Impact (CISA, PoCs, Active Attacks)
02:05 – The Sysrv Botnet & Spring Exploitation
02:29 – What Attackers Could Do with RCE Access
02:46 – Preconditions for Exploiting CVE-2022-22947
03:29 – Attack Flow Visualized (Sequence Diagram)
04:39 – Vulnerable App Setup (Code Walkthrough)
05:50 – Exploiting Spring Cloud Gateway to Leak Secrets
06:57 – Developer Takeaways & Security Best Practices
08:00 – Outro & Final Thoughts

Рекомендации по теме

Комментарии

Tyle że ja bym nie nazwał tego nawet atakiem, a lamerstwem adminów czy devopsów. Nigdy nie wystawia się endpointów /actuator/* na świat, one służą tylko na potrzeby programistów oraz infrastruktury (healthchecki, metryki). Samo to że ktoś ma dostęp do /actuator/* nawet jeśli akurat nie może zrobić RCE jest poważnym problemem bo pozwala np zrobić rekonesans przed innym atakiem.

iirekm

Spring Cloud Gateway RCE Explained | Java Crack of the Week #4

Spring Cloud Gateway RCE Explained | Java Crack of the Week #4

spring cloud gateway RCE | CVE-2022-22947

Spring Cloud Gateway spel Remote Code Execution (CVE-2022-22947)

Spring4Shell, Spring Cloud Function RCE and Spring Cloud Gateway Code Injection

SPRING CLOUD GATEWAY CVE-2022-22947 RCE/ CODE INJECTION VULNERABILITY

Spring Boot Remote Code Execution Proof Of Concept | spring-cloud-function | Latest 0day

Spring RCE Vulnerability CVE-2022-22965 Explained

New Spring Framework RCE Vulnerability Confirmed (Springshell) - What You Need to Know

Detect Spring4Shell RCE (CVE-2022-22965) Post-exploitation - protect.intezer.com

Urgent ⚠️ New Spring Framework RCE Vulnerability Confirmed

Reverse Proxy vs API Gateway vs Load Balancer

Spring4Shell explained [an overview of the Spring vulnerability - CVE-2022-22965]

Spring4Shell -0day RCE || Detection ,Exploitation and Explanation || POC || CVE-2022-22965 || 2022||

Vmware Code Injection Attack | Code Injection | POC | Exploit | Vulnerability | CVE-2022-22947

Spring OAuth RCE vulnerability (CVE-2016-4977)

Spring Framework Flaw

Understanding the Spring4Shell Vulnerability

Spring Cloud framework commits patch for code injection flaw

Spring4Shell Explained - Zero-Day Vulnerability (CVE-2022-22965) | Black Duck

apache druid #rce | CVE-2021-25646

Highlight: THM | Spring4Shell: CVE-2022-22965 'info' room

Spring4Shell: CVE-2022-22965 Explained | Vulnerability

CyberSecurity 101: Spring4Shell 0-day vulnerability | What is it? | How Do I Mitigate this RCE?

Rapid Recap: Spring4Shell