This vulnerability arises in Spring Framework applications that map all requests ("/**") without explicitly setting the view name. An attacker can exploit this by crafting a URL that uses the redirect: prefix to cause the application to issue a 302 HTTP redirect to an arbitrary external host. This open redirect (CWE-601) can potentially be used in phishing or social engineering attacks by redirecting users to malicious sites. The affected versions span multiple major Spring Framework releases from 5.3.0 up to 7.0.7. No official remediation or patch is currently documented.

The vulnerability allows attackers to redirect users to untrusted external websites via crafted URLs, which may facilitate phishing or other social engineering attacks. The impact is limited to confidentiality and integrity (low), with no direct impact on availability. There are no known exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, developers should avoid configuring mappings for "/**" without explicitly specifying view names or implement input validation to restrict redirect targets. Monitor official Spring Framework advisories for updates.