Skip to content
CISA Known Exploited Vulnerability

CVE-2022-22963

When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution

⚠ Actively exploited (CISA KEV) Spring 2022
CISA catalog entry
Product
Spring Cloud
Vendor
VMware Tanzu
Added to KEV
2022-08-25
Remediation due
2022-09-15

CVE-2022-22963 is tracked in the CISA Known Exploited Vulnerabilities catalog. WebPulse monitors it as part of its framework security intelligence.

View CVE-2022-22963 on the NIST National Vulnerability Database →
Related vulnerabilities
CVE-2026-9319 CVE-2026-9311 CVE-2026-8644 CVE-2026-40994 CVE-2026-40987 CVE-2022-22965 CVE-2022-22947 CVE-2020-5410