Spring Security and Spring Framework Release Fixes for CVE-2025-41248 and CVE-2025-41249
The Spring Security and Spring Framework teams have jointly released fixes for two vulnerabilities. These vulnerabilities, CVE-2025-41248 and CVE-2025-41249, affect method security annotations in parameterized types within type hierarchies. Specifically, they relate to authorization bypass and annotation detection issues.
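The following is an added example, not code from the Spring advisory or from the Spring projects themselves. It is a regression test of the kind a team could add to confirm, after upgrading, that a `@PreAuthorize` annotation declared on a method of a generic interface is enforced on the concrete implementation that sits below it in the type hierarchy. The interface, record and bean names are assumptions, and the exact shapes of hierarchy affected by the two CVEs are not spelled out on this page, so the test is written as a general check: a non-admin caller must be denied, an admin must be allowed.

```java
// Added example (not part of the Spring advisory): verifies that method security
// annotations on a generic parent type are applied to the implementing class.
// Names (Repository, Document, DocumentRepository) are assumed for illustration.
package com.example.methodsecurity;

import static org.assertj.core.api.Assertions.assertThatThrownBy;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.test.context.support.WithMockUser;

@SpringBootTest(classes = ParameterizedTypeAuthorizationTest.Config.class)
class ParameterizedTypeAuthorizationTest {

    /** Generic parent type that carries the security annotation. */
    interface Repository<T> {
        @PreAuthorize("hasRole('ADMIN')")
        T findById(long id);
    }

    /** Constructed sample entity. */
    record Document(long id, String body) {}

    /** Concrete implementation lower in the hierarchy; it declares no annotation itself. */
    static class DocumentRepository implements Repository<Document> {
        @Override
        public Document findById(long id) {
            return new Document(id, "constructed sample document");
        }
    }

    @Configuration
    @EnableMethodSecurity
    static class Config {
        @Bean
        DocumentRepository documentRepository() {
            return new DocumentRepository();
        }
    }

    // Injected as the parameterized interface type, so the call goes through the
    // method security proxy created for the bean.
    @Autowired
    Repository<Document> repository;

    @Test
    @WithMockUser(roles = "USER")
    void nonAdminIsDenied() {
        // If the annotation on the generic parent is not detected, this call would
        // succeed silently; on a fixed release it must raise AccessDeniedException.
        assertThatThrownBy(() -> repository.findById(1L))
                .isInstanceOf(AccessDeniedException.class);
    }

    @Test
    @WithMockUser(roles = "ADMIN")
    void adminIsAllowed() {
        Document doc = repository.findById(1L);
        if (doc == null || doc.id() != 1L) {
            throw new AssertionError("admin call should return the requested document");
        }
    }
}
```

The test depends on `spring-boot-starter-test` and `spring-security-test` being on the test classpath. Running it before and after the upgrade gives a direct check that the `nonAdminIsDenied` case now fails closed for the hierarchies your application actually uses; if your own code annotates methods on abstract generic base classes rather than interfaces, adapt the parent type accordingly rather than relying on this single shape.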
CVE-2025-41248 is addressed in Spring Security versions 6.4.10 and 6.5.4. CVE-2025-41249 is resolved in Spring Framework version 6.2.11. Although open-source support for Spring Framework 5.3.x and 6.1.x has ended, the fixes are also available in the commercial releases Spring Framework 5.3.45 and 6.1.23.
Users not on commercial support are encouraged to upgrade to a supported open-source Spring Framework version. For Spring Boot users on versions 2.7, 3.2, or 3.3, hotfix releases 2.7.29.1, 3.2.18.1, and 3.3.15.1 respectively are available. These commercial releases can be accessed via the Spring commercial artifact repository with an Enterprise Subscription.