CVE-2022-22947CISA KEVEPSS p99.9%

CVE-2022-22947VMware Spring Cloud Gateway Code Injection Vulnerability

VMware / Spring Cloud Gateway

Description

Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.

Scoring

EPSS98.25% probability of exploitation · percentile 99.9% · 2026-06-17T12:03:21Z

CISA KEV entry

Added to KEV: 2022-05-16

(incoming)1

TypeTargetConfidenceTier
KEVEntryVMware Spring Cloud Gateway Code Injection Vulnerabilitykev-cve-2022-229470%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability
CVE
VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability
CVE
CVE-2026-22733
CVE
CVE-2025-41243
CVE
Spring Framework JDK 9+ Remote Code Execution Vulnerability
CVE
VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.