CVE-2018-1273

Spring Data · Spring Data Commons

Spring Data Commons contains a property binder vulnerability that allows unauthenticated remote attackers to execute arbitrary code via crafted request parameters.

Executive summary

This critical remote code execution vulnerability affects Spring Data Commons and is confirmed to be exploited by ransomware actors.

Vulnerability

The flaw exists in the property binder (MapDataBinder) that Spring Data uses to map HTTP request parameters onto domain objects. The binder builds a SpEL expression from each property path in a parameter name and evaluates it with a full evaluation context, so a parameter name such as name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('id')] is evaluated as code rather than treated as a plain property path. An unauthenticated attacker can deliver such a parameter to any Spring Data REST-backed HTTP resource, or through Spring Data's projection-based request payload binding, and achieve remote code execution as the application user. Affected releases are Spring Data Commons 1.13.x before 1.13.11 and 2.0.x before 2.0.6, plus older unsupported lines; the fix restricts the SpEL evaluation context used for property paths so that method invocation and type references are no longer available.

Business impact

With a CVSS v3 base score of 9.8, this vulnerability poses a catastrophic risk to any application that exposes Spring Data REST resources or projection-based binding on an affected Spring Data Commons release, including applications that pull it in transitively through Spring Boot. Successful exploitation allows for complete system takeover, data exfiltration, and the deployment of ransomware. The inclusion of this vulnerability in the CISA KEV catalog highlights its continued relevance as a high-value target for threat actors.

Remediation

Immediate Action: Update Spring Data Commons to 1.13.11 or 2.0.6 (or later) from the vendor. Spring Boot 1.5.11 and 2.0.1 pull in the fixed releases, so Boot users should upgrade Boot. Verify the version that is actually resolved in the build (for example with mvn dependency:tree or gradle dependencies), since a fixed Boot BOM can still be overridden by an explicit older spring-data-commons dependency.

Proactive Monitoring: Monitor application access logs for request parameter names that carry SpEL syntax, in particular a square bracket followed by # or T(, and strings such as getClass(, forName(, getRuntime( or .exec(. Decode percent-encoding before matching, because the payload is normally URL-encoded and may be double-encoded. Note that standard access logs record only the request line, so a payload delivered in a POST form body is invisible to them; capturing it requires request-body logging at the application, reverse proxy or WAF layer.

Compensating Controls: Deploy a Web Application Firewall (WAF) with updated rulesets designed to detect and block malicious payloads targeting Spring framework vulnerabilities. Treat this as a stopgap only: the expression can be encoded or reshaped to evade signature matching, and the underlying binder remains exploitable until the library is upgraded.
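The following is an added example, not code from the advisory or from the Spring Data project. It shows the monitoring described above as a small Python scanner: it pulls parameter names out of the request line of Combined Log Format access-log entries and out of a form body captured elsewhere (for instance by a WAF or a body-logging filter), percent-decodes them repeatedly, and flags names that carry the SpEL indexer shape used by the public CVE-2018-1273 payloads. The log lines, the form body and the pattern list are constructed for illustration; the patterns are a narrow heuristic, not a complete SpEL grammar.

```python
"""Flag CVE-2018-1273-style SpEL injection in request parameter names.

Added example; not part of the advisory or of Spring Data. All sample data
below is constructed, not captured from a real system.
"""
from __future__ import annotations

import re
from urllib.parse import parse_qsl, unquote

# Public CVE-2018-1273 payloads put a SpEL expression inside the square brackets
# of a property path in the parameter *name*, e.g.
#   name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('id')]=x
# A benign indexed property path looks like addresses[0].city, so only an indexer
# that opens with a SpEL variable (#), a type reference (T() or a constructor (new)
# is treated as suspicious.
SPEL_INDEXER = re.compile(r"\[\s*(#|T\s*\(|new\s+)")

# Tokens that have no business in a property path and point at Runtime/ProcessBuilder.
SUSPICIOUS_TOKENS = (
    "#this", "T(", "getClass(", "forName(", "getRuntime(", ".exec(",
    "ProcessBuilder", "java.lang.Runtime",
)

# Combined Log Format: ip ident user [time] "METHOD target HTTP/x.y" status size ...
REQUEST_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)


def decode_fully(s: str, rounds: int = 3) -> str:
    """Percent-decode until stable so double-encoded payloads are seen as plain text."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def flag_param_names(query_or_body: str) -> list[str]:
    """Return the parameter names in a query string or form body that look like SpEL injection."""
    hits = []
    # keep_blank_values: the public payloads send the injected name with an empty value.
    for raw_name, _value in parse_qsl(query_or_body, keep_blank_values=True):
        name = decode_fully(raw_name)  # parse_qsl decoded once; catch deeper encoding too
        if SPEL_INDEXER.search(name) or any(tok in name for tok in SUSPICIOUS_TOKENS):
            hits.append(name)
    return hits


def scan_access_log(lines: list[str]) -> list[tuple[str, str, str, list[str]]]:
    """Scan Combined Log Format lines; return (ip, method, path, flagged names) per hit.

    Only the query string of the request line is visible here. A payload in a POST
    body never reaches an access log, so bodies must be fed to flag_param_names()
    from whatever component captured them.
    """
    findings = []
    for line in lines:
        m = REQUEST_LINE.match(line)
        if not m:
            continue  # not Combined Log Format; skip rather than guess
        path, _, query = m.group("target").partition("?")
        hits = flag_param_names(query)
        if hits:
            findings.append((m.group("ip"), m.group("method"), path, hits))
    return findings


# Constructed sample data (not real traffic). Addresses are documentation ranges.
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - - [10/Apr/2018:12:00:01 +0000] "GET /users?page=1&size=20 HTTP/1.1" 200 1 "-" "curl/7.58.0"',
    '10.0.0.5 - - [10/Apr/2018:12:00:02 +0000] "GET /users?addresses%5B0%5D.city=Oslo HTTP/1.1" 200 1 "-" "curl/7.58.0"',
    '198.51.100.7 - - [10/Apr/2018:12:00:03 +0000] "GET /users?name%5B%23this.getClass().forName(%27java.lang.Runtime%27).getRuntime().exec(%27id%27)%5D=x HTTP/1.1" 500 0 "-" "python-requests/2.18"',
]
# A form body as a WAF or body-logging filter would record it (constructed).
SAMPLE_FORM_BODY = (
    "name%5B%23this.getClass().forName('java.lang.Runtime').getRuntime().exec('id')%5D="
    "&password=&repeatedPassword="
)

if __name__ == "__main__":
    for ip, method, path, hits in scan_access_log(SAMPLE_ACCESS_LOG):
        print(f"{ip} {method} {path}: {hits}")
    print("form body:", flag_param_names(SAMPLE_FORM_BODY))
```

The benign indexed name addresses[0].city is not flagged, while the injected name is flagged whether it arrives in a query string, a form body, or double-encoded. Run the scanner over body captures from the WAF or proxy as well as over access logs, since the public exploit path is a POST.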

Exploitation status

Public Exploit Available: Yes

Analyst recommendation

The severity of this remote code execution vulnerability cannot be overstated: it needs no credentials, the exploit is public, and the payload is a single crafted request parameter. All systems running the affected versions must be patched immediately, and the resolved spring-data-commons version should be confirmed after the upgrade, to prevent full compromise and potential ransomware deployment.