CVE-2026-47825

Spring · Cloud Gateway Server

Spring Cloud Gateway Server incorrectly forwards X-Forwarded-For and Forwarded headers from untrusted proxies in specific configurations.

Executive summary

An improper header handling vulnerability in Spring Cloud Gateway Server could allow attackers to bypass security controls and spoof their source IP address.

Vulnerability

The vulnerability occurs when forwarded-header handling is enabled but the trusted proxy property is misconfigured. This allows an unauthenticated attacker to inject forged headers that are passed to backend services, facilitating IP allowlist bypass and source-address spoofing.

Business impact

With a CVSS score of 8.6, this vulnerability poses a high risk to network security. Attackers can bypass IP-based access controls for backend services, potentially gaining access to restricted APIs or enabling log forgery, which hampers incident response and forensic investigations.

Remediation

Immediate Action: Update to a patched version (3.1.13, 4.1.13, 4.2.9, 4.3.5 or 5.0.2, matching your current release line).

Proactive Monitoring: Review application logs for unexpected header values that deviate from expected proxy patterns.

Compensating Controls: Ensure the 'trusted-proxies' property is explicitly and correctly configured to prevent the gateway from trusting headers originating from unauthorized sources.
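As an added example (not from the advisory or the Spring project), the trust rule the 'trusted-proxies' property is meant to enforce, applied to constructed access-log lines: only a connection from a trusted proxy may vouch for X-Forwarded-For, and the client is the rightmost address in the chain that is not itself a trusted proxy. The trusted range, log format and sample lines are assumptions constructed here.

```python
import ipaddress
import re

# Constructed assumption: only proxies in this range may set forwarded headers.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
# Constructed access-log format: peer=<ip> xff="<header value>" path=<path>
LOG_RE = re.compile(r'peer=(\S+) xff="([^"]*)" path=(\S+)')

def parse_ip(addr):  # None when addr is not a valid IP literal
    try:
        return ipaddress.ip_address(addr.strip())
    except ValueError:
        return None

def is_trusted(addr):
    ip = parse_ip(addr)
    return ip is not None and any(ip in net for net in TRUSTED_PROXIES)

def resolve_client(peer, xff):
    """Return (client_ip, flags): only a trusted peer may vouch for X-Forwarded-For."""
    flags = []
    if not is_trusted(peer):
        if xff:  # header present but no trusted proxy sent it: treat as forged
            flags.append("xff_from_untrusted_peer")
        return peer, flags
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):  # rightmost hop was appended by the most recent proxy
        if parse_ip(hop) is None:
            flags.append("malformed_hop")
            return peer, flags
        if not is_trusted(hop):
            return hop, flags  # first untrusted address is the real client
    flags.append("no_untrusted_hop")  # chain empty or entirely internal
    return peer, flags

def triage(log_lines):
    """Attach the resolved client and any flags to each parsed log line."""
    out = []
    for m in filter(None, map(LOG_RE.search, log_lines)):
        peer, xff, path = m.groups()
        client, flags = resolve_client(peer, xff)
        out.append({"path": path, "peer": peer, "client": client, "flags": flags})
    return out

SAMPLE_LOG = [  # constructed sample lines
    'peer=10.0.1.5 xff="198.51.100.7" path=/api/admin',
    'peer=203.0.113.9 xff="10.0.1.5" path=/api/admin',
    'peer=10.0.1.5 xff="10.0.0.2, 198.51.100.7, 10.0.1.8" path=/api/reports',
    'peer=10.0.1.5 xff="garbage" path=/health',
]
```

Rows flagged xff_from_untrusted_peer are the pattern the Proactive Monitoring step above is looking for: a forwarded header that arrived without a trusted proxy behind it. Replace TRUSTED_PROXIES with the real ingress ranges before using this against production logs.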

Exploitation status

Public Exploit Available: true

Analyst recommendation

This vulnerability represents a significant security misconfiguration risk. IT teams must verify their Spring Cloud Gateway version and apply the recommended patches immediately to restore the integrity of their header-based security controls.