CVE-2025-45611: Vulnerable Apache Shiro Version Auth Bypass
greprules fetch cve-2025-45611-vulnerable-apache-shiro-version-auth-bypass --engine opengrep
Description
Apache Shiro is pinned to a version prior to 1.5.3 in this pom.xml. Versions 1.0.0-incubating through 1.5.2 are affected by an authentication bypass (CVE-2020-1957 and related, including the class of bug behind CVE-2025-45611 in hope-boot) caused by a path-normalization discrepancy between Shiro's filter chain and Spring MVC. An unauthenticated attacker can
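The version check described above, written out as an added example; this is not the rule's own logic or code from this page. The helper names and the sample pom.xml are constructed for illustration, and the check also follows `${property}` version references defined in the same file.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (1, 5, 3)  # first release outside the affected range stated above

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the Maven POM namespace, if present

def _child(elem, name):
    for c in elem:
        if _local(c.tag) == name:
            return (c.text or "").strip()
    return None

def _version_tuple(v):
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", v)  # "-incubating" etc. ignored
    return tuple(int(g or 0) for g in m.groups()) if m else None

def find_vulnerable_shiro(pom_text):
    """Return [(artifactId, version)] for org.apache.shiro deps pinned below 1.5.3."""
    root = ET.fromstring(pom_text)
    props = {}
    for e in root.iter():
        if _local(e.tag) == "properties":
            props.update({_local(p.tag): (p.text or "").strip() for p in e})
    hits = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency" or _child(dep, "groupId") != "org.apache.shiro":
            continue
        raw = _child(dep, "version")
        if raw is None:
            continue  # version managed by a parent POM or BOM: not decidable here
        ref = re.fullmatch(r"\$\{(.+)\}", raw)
        version = props.get(ref.group(1), raw) if ref else raw
        vt = _version_tuple(version)
        if vt is not None and vt < FIXED:
            hits.append((_child(dep, "artifactId"), version))
    return hits

# Constructed sample pom.xml (not taken from any real project)
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><shiro.version>1.4.0</shiro.version></properties>
  <dependencies>
    <dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-spring</artifactId><version>${shiro.version}</version></dependency>
    <dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-core</artifactId><version>1.5.3</version></dependency>
    <dependency><groupId>org.apache.shiro</groupId><artifactId>shiro-web</artifactId><version>1.0.0-incubating</version></dependency>
  </dependencies>
</project>"""
print(find_vulnerable_shiro(SAMPLE_POM))
```

Dependencies whose version comes from a parent POM or an imported BOM are skipped, so a clean result from a single file does not prove the resolved version is 1.5.3 or later.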
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided