Securing Your Streams: What You Need to Know About CVE-2025-22228 

Security vulnerabilities can disrupt even the most reliable streaming workflows, and the recently identified CVE-2025-22228 is making headlines across the industry. Here’s the good news for Wowza users: this critical Spring Security vulnerability does not affect Wowza Streaming Engine. Our development implementation doesn’t use the affected method, keeping your streams secure and uninterrupted. Even so, we’re taking proactive steps to implement the suggested fix in our next release, demonstrating our ongoing commitment to rock-solid streaming security.

What is CVE-2025-22228? 

CVE-2025-22228 is a critical vulnerability identified in Spring Security’s spring-security-crypto package on March 19, 2025. The issue allows BCryptPasswordEncoder.matches() to incorrectly return true for passwords longer than 72 characters, as long as the first 72 characters match. This flaw creates a substantial security risk by potentially allowing unauthorized access to protected systems.
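One way to guard against the behavior described above at the application layer, shown as an added example that is not Wowza's or Spring's own code: a wrapper (the class name LengthCheckedBCryptEncoder is hypothetical) that refuses over-length input before it reaches BCryptPasswordEncoder. It assumes spring-security-crypto is on the classpath and Java 11 or later, and it counts UTF-8 bytes, which equal characters only for ASCII passwords.

```java
import java.nio.charset.StandardCharsets;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example: hypothetical wrapper, not part of Spring Security or Wowza.
public final class LengthCheckedBCryptEncoder implements PasswordEncoder {
    // bcrypt only consumes the first 72 bytes of its input; anything after is ignored.
    static final int BCRYPT_MAX_BYTES = 72;

    private final PasswordEncoder delegate = new BCryptPasswordEncoder();

    // Measure the UTF-8 encoding, not the character count.
    private static boolean tooLong(CharSequence raw) {
        return raw.toString().getBytes(StandardCharsets.UTF_8).length > BCRYPT_MAX_BYTES;
    }

    @Override
    public String encode(CharSequence rawPassword) {
        // Refuse to store a hash that would silently cover only a prefix.
        if (rawPassword == null || tooLong(rawPassword)) {
            throw new IllegalArgumentException("password is null or exceeds 72 bytes");
        }
        return delegate.encode(rawPassword);
    }

    @Override
    public boolean matches(CharSequence rawPassword, String encodedPassword) {
        // Reject over-length input outright instead of comparing a truncated prefix.
        if (rawPassword == null || tooLong(rawPassword)) {
            return false;
        }
        return delegate.matches(rawPassword, encodedPassword);
    }

    public static void main(String[] args) {
        PasswordEncoder guarded = new LengthCheckedBCryptEncoder();
        String stored = "A".repeat(72);             // constructed sample, exactly 72 bytes
        String hash = guarded.encode(stored);
        String longer = stored + "-different-tail"; // same first 72 bytes, extra tail
        String multiByte = "é".repeat(40);          // 40 characters, 80 UTF-8 bytes
        System.out.println("exact password accepted:      " + guarded.matches(stored, hash));
        System.out.println("over-length variant accepted: " + guarded.matches(longer, hash));
        System.out.println("80-byte input accepted:       " + guarded.matches(multiByte, hash));
    }
}
```

Because the length check runs before delegation, the wrapper's answer for over-length input does not depend on which spring-security-crypto version is installed; it complements updating the package rather than replacing it.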

Why is this concerning? If exploited, this vulnerability could lead to: 

  • Unauthorized access to sensitive systems 
  • Potential data breaches affecting user information 
  • Compromised streaming content and infrastructure 
  • Service disruptions that impact your audience 

This vulnerability joins a history of similar security issues that have affected various platforms, highlighting the ongoing challenge of maintaining secure environments in the streaming world. 

Why This Matters for Streaming Security 

For streaming platforms, security vulnerabilities like CVE-2025-22228 can have far-reaching consequences. Beyond immediate operational disruptions, security breaches can damage: 

  • User trust in your platform 
  • Content protection guarantees to your partners 
  • Regulatory compliance status 
  • Brand reputation and business continuity 

Staying ahead of these threats isn’t just good practice—it’s essential for maintaining a competitive edge in today’s security-conscious market. For the most current information on this issue, we recommend reviewing the Spring Security CVE-2025 security advisory.

How Wowza Protects Your Streams

Good news for Wowza users: CVE-2025-22228 does not affect Wowza Streaming Engine. Our implementation doesn’t use the vulnerable BCryptPasswordEncoder.matches(CharSequence, String) method, keeping your streaming infrastructure protected from this specific threat. 
 

Despite being unaffected, we’re still taking action. Our development team is implementing the suggested fix in our next release as part of our commitment to proactive security. This approach reflects our core security philosophy: 

  • Constant monitoring of the security landscape to identify potential threats 
  • Proactive patching even when vulnerabilities don’t directly impact our systems 
  • Regular security updates to address emerging concerns before they affect you 
  • Comprehensive testing to ensure security measures don’t impact performance 

This security-first approach is why leading organizations trust Wowza to power their mission-critical streaming applications.

Practical Steps to Enhance Your Security 

While your Wowza implementation is safe from this specific vulnerability, now is always a good time to review your overall security posture. Here are practical steps you can take today: 

  1. Keep all systems updated: Apply the latest patches and updates across your entire streaming ecosystem. 
  2. Implement access controls: Limit system access to only those who need it, following the principle of least privilege. 
  3. Monitor your infrastructure: Deploy robust monitoring tools to identify suspicious activities before they become problems. 
  4. Conduct regular security audits: Schedule periodic reviews of your security measures to identify potential weaknesses.

For organizations using Spring Security elsewhere in their infrastructure, we recommend specifically checking for and updating the spring-security-crypto package to address the CVE-2025-22228 vulnerability. 

Frequently Asked Questions (FAQs) 

What exactly is the CVE-2025-22228 exploit? 

CVE-2025-22228 is a vulnerability in Spring Security that incorrectly validates passwords longer than 72 characters, potentially allowing unauthorized access if the first 72 characters match. 

Does CVE-2025-22228 affect Wowza Streaming Engine? 

No, Wowza Streaming Engine doesn’t use the affected method (BCryptPasswordEncoder.matches) in our implementation, so this vulnerability doesn’t impact our products. 

Why is Wowza implementing a fix if we’re not affected? 

We believe in proactive security. By implementing the fix now, we ensure continued protection and demonstrate our commitment to keeping your streaming infrastructure secure against emerging threats. 

How does Wowza stay ahead of security threats? 

We employ constant monitoring, comprehensive software scanning, and regular security updates to address vulnerabilities before they can impact your streaming workflows. 

Whether you’re just starting your streaming journey or looking to upgrade your existing infrastructure, Wowza delivers the reliable, secure streaming solutions you need. Explore our products or contact our team to find the right fit for your streaming goals. 

About Jeff Reese

Jeff Reese has been in the video industry for over a decade, with the past six years dedicated to Wowza. As the Product Manager for Wowza Streaming Engine, he has worked with every implementation type, helping to design and optimize customer workflows and architecture. Jeff also plays a key role in keeping Wowza Streaming Engine at the forefront of video technology. Beyond product management, he has contributed by writing modules for Wowza Streaming Engine and configuring hardware for Wowza’s cloud solutions.