A critical remote code execution vulnerability in Spring Cloud Gateway, tracked as CVE-2022-22947, allows an unauthenticated attacker to achieve full code execution on affected hosts by abusing the Gateway's Actuator API. The flaw stems from unsafe evaluation of Spring Expression Language (SpEL) in routing configuration, and it went from disclosure to mass, automated exploitation in a matter of days. If your organization runs Spring Cloud Gateway with the Actuator endpoints exposed, this vulnerability deserves immediate attention — it has been weaponized by botnets, cryptomining operations, and opportunistic scanners since the week it was patched.
What Is Spring Cloud Gateway, and Why Does This Matter
Spring Cloud Gateway is a widely used API gateway and reverse-proxy library built on the Spring ecosystem, commonly deployed at the edge of microservice architectures to handle routing, load balancing, rate limiting, and security filters. Because it typically sits in front of internal services and often runs with elevated network access, a code execution bug in the gateway itself is a high-value target: compromising the gateway can give an attacker a foothold that reaches deep into an organization's internal network.
The Actuator module — a standard Spring Boot component that exposes operational endpoints for health checks, metrics, and configuration management — is the vector here. When the Gateway Actuator endpoint is enabled and exposed, it accepts requests that create or modify routes, and those route definitions can include SpEL expressions used for filters. Spring Cloud Gateway evaluates that SpEL server-side without adequately sanitizing it, meaning an attacker who can reach the actuator endpoint can smuggle in a malicious expression and have it executed as code on the host.
Affected Versions and Components
CVE-2022-22947 affects applications that meet all of the following conditions:
- Use spring-cloud-gateway-server (or the deprecated
spring-cloud-starter-gateway) - Have the Gateway Actuator endpoint enabled and exposed (
management.endpoint.gateway.enabled=truecombined with the endpoint being included inmanagement.endpoints.web.exposure.include) - Are running an unpatched version, specifically:
- Spring Cloud Gateway 3.1.0 and earlier 3.1.x releases
- Spring Cloud Gateway 3.0.0 through 3.0.6
- Older, unsupported release lines are presumed vulnerable as well since they never received a backport
Patched versions are 3.1.1 and 3.0.7, both released on March 1, 2022. If you are unable to upgrade immediately, disabling the actuator gateway endpoints is an effective interim mitigation (see remediation section below).
It's worth noting that many organizations underestimate their exposure here because "we don't expose actuator to the internet" is often an assumption rather than a verified fact — actuator endpoints are frequently left reachable from internal networks or misconfigured ingress rules, which is more than sufficient for lateral-movement-style exploitation once an attacker has any foothold.
CVSS, EPSS, and KEV Context
- CVSS v3.1 Base Score: 9.8 (Critical) — Attack Vector: Network, Attack Complexity: Low, Privileges Required: None, User Interaction: None, full Confidentiality/Integrity/Availability impact. The scoring reflects that this is a pre-authentication, network-reachable RCE with no user interaction required — about as severe as a vulnerability rating gets.
- EPSS (Exploit Prediction Scoring System): CVE-2022-22947 has consistently scored in the very high percentile of EPSS (often cited above 90-97% probability of exploitation), reflecting sustained, observed real-world exploitation activity rather than theoretical risk.
- CISA Known Exploited Vulnerabilities (KEV) Catalog: This CVE was added to CISA's KEV catalog, confirming that it has been used in active attacks in the wild. Inclusion in KEV also means federal civilian agencies were given binding-operational-directive deadlines to remediate, and it's a strong signal to any security team that this vulnerability is not hypothetical — it is actively targeted by opportunistic scanning infrastructure and automated exploit tooling.
The combination of a 9.8 CVSS score, a high EPSS probability, and KEV inclusion places CVE-2022-22947 firmly in the category of "patch now" vulnerabilities — the kind that should trigger emergency change-management processes rather than waiting for the next scheduled patch cycle.
Timeline
- March 1, 2022 — VMware/Spring publishes the security advisory for CVE-2022-22947 alongside patched releases 3.1.1 and 3.0.7. The advisory is rated Critical.
- Early March 2022 — Security researchers publish technical write-ups and proof-of-concept exploit code demonstrating the SpEL injection chain against the Gateway Actuator API within days of disclosure.
- Mid-March 2022 — Public exploit modules (including Metasploit-style tooling) become available, dramatically lowering the skill floor required to exploit unpatched instances.
- March–April 2022 — Mass internet scanning and automated exploitation attempts are observed by multiple threat intelligence teams, with attackers using the flaw to drop cryptominers, establish reverse shells, and add hosts to botnet infrastructure.
- Q2 2022 — CVE-2022-22947 is added to CISA's Known Exploited Vulnerabilities catalog, formalizing what defenders had already observed: this vulnerability was under active, ongoing exploitation, not just a theoretical risk from an advisory.
The speed of this timeline — public advisory to working exploits to mass scanning inside roughly two to three weeks — is a pattern that has repeated across major Java/Spring ecosystem vulnerabilities and underscores why time-to-patch is one of the most consequential metrics a security program can track.
How the Exploit Works
At a high level, exploitation follows this pattern:
- The attacker sends a
POSTrequest to the Gateway Actuator's route-management endpoint (/actuator/gateway/routes/{id}), submitting a new route definition. That route definition includes a filter whose value is a crafted SpEL expression — for example, one that invokesjava.lang.Runtimevia Spring'sT()type-reference operator to spawn an OS process. - The attacker then sends a
POSTto/actuator/gateway/refresh, which forces Spring Cloud Gateway to reload its route configuration and, critically, evaluate the SpEL expression embedded in the malicious route. - Because the expression is evaluated server-side with no sandboxing, the attacker's payload executes with the privileges of the gateway process — commonly resulting in reverse shells, dropped webshells, or cryptomining payloads.
No authentication is required if the actuator endpoint is exposed without access controls, which is precisely why this vulnerability scored a 9.8 and was so rapidly and widely exploited.
Remediation Steps
- Upgrade immediately. Update Spring Cloud Gateway to 3.1.1, 3.0.7, or later. This is the definitive fix and should be the priority action for every affected deployment.
- Restrict or disable the Gateway Actuator endpoints if you cannot patch right away. Set
management.endpoint.gateway.enabled=false, or at minimum removegatewayfrommanagement.endpoints.web.exposure.includeso the route-management API is not reachable. - Never expose Actuator endpoints to untrusted networks. As a general hardening practice independent of this CVE, actuator endpoints should be bound to a management-only interface, placed behind authentication, and restricted via network policy/firewall rules to trusted internal callers only.
- Add detection rules. Hunt for and alert on
POSTrequests to/actuator/gateway/routes/*and/actuator/gateway/refreshfrom unexpected sources, and look for suspicious SpEL syntax (T(,new String(...)) in request bodies at the WAF or API gateway logging layer. - Hunt for indicators of prior compromise. Because this vulnerability was mass-exploited for weeks before many organizations patched, don't treat patching alone as remediation — review process trees, unexpected outbound connections, newly created scheduled tasks/cron jobs, and unfamiliar binaries on any host that ran an exposed, unpatched gateway instance during the exploitation window.
- Rebuild and redeploy container images rather than patching in place, since compromised containers may already contain persistence mechanisms; rotate any credentials or secrets that were accessible to the affected service.
How Safeguard Helps
Finding a CVE in a scan report is the easy part — knowing whether it's actually exploitable in your environment, and fixing it fast, is where security teams lose time. Safeguard's reachability analysis traces whether the vulnerable Spring Cloud Gateway code path and the exposed Actuator configuration are actually invocable in your deployed services, so teams can separate "urgent, patch today" from "present but not reachable" instead of treating every SCA hit as equally critical. Griffin, Safeguard's AI-powered analysis engine, correlates CVE-2022-22947 against your live SBOM inventory, configuration data, and network exposure to flag which specific gateway instances have actuator endpoints reachable from untrusted networks — the exact precondition this exploit requires. Safeguard continuously generates and ingests SBOMs across your build and runtime pipelines, so newly introduced or transitively pulled-in vulnerable Spring Cloud Gateway versions are caught automatically rather than at the next manual audit. And when remediation is confirmed, Safeguard can open an auto-fix pull request bumping the dependency to a patched release, cutting the gap between detection and a merged fix from weeks to hours.