Open
Labels: bug (Something does not work as expected)
Description
The context
The project appears to be affected by CVE-2025-55163, which impacts the io.grpc:grpc-netty-shaded dependency transitively brought by io.grpc.
Dependency Reference:
The vulnerable dependency is introduced at:
https://github.com/grpc-ecosystem/grpc-spring/blob/master/build.gradle#L14C9-L14C20 with version 1.63.0, and the vulnerability is fixed in 1.75.0.
Impact:
The referenced CVE describes a vulnerability that could allow attackers to exploit network traffic processed by grpc-netty-shaded, potentially leading to denial of service or other security issues.
Remediation
Update io.grpc:grpc-bom to the patched version 1.75.0 as recommended in the advisory.
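Added example, not part of the original issue or of the grpc-spring code base: a check that reads a `gradle dependencies` report and flags every `io.grpc:grpc-netty-shaded` node that still resolves below 1.75.0, which is how the remediation above can be confirmed after bumping the BOM. The two reports, the `com.example:legacy-client` coordinate and the function names are constructed for illustration.

```python
import re

ARTIFACT = "io.grpc:grpc-netty-shaded"   # artifact named in the issue
FIXED = (1, 75, 0)                        # fixed version stated in the issue

# Constructed samples in the `gradle dependencies` report format.
BEFORE = """\
runtimeClasspath - Runtime classpath of source set 'main'.
+--- io.grpc:grpc-bom:1.63.0
|    \\--- io.grpc:grpc-netty-shaded:1.63.0 (c)
\\--- io.grpc:grpc-netty-shaded -> 1.63.0
     \\--- io.grpc:grpc-core:1.63.0
"""
# com.example:legacy-client is a hypothetical library that still requests 1.63.0.
AFTER = """\
runtimeClasspath - Runtime classpath of source set 'main'.
+--- io.grpc:grpc-bom:1.75.0
|    \\--- io.grpc:grpc-netty-shaded:1.75.0 (c)
\\--- com.example:legacy-client:2.0
     \\--- io.grpc:grpc-netty-shaded:1.63.0 -> 1.75.0
"""

# A tree node looks like: "+--- group:name[:requested][ -> resolved]"
NODE = re.compile(r"[+\\]--- ([\w.\-]+:[\w.\-]+)(?::([^\s:]+))?(?: -> (\S+))?")

def as_tuple(version):
    """Leading numeric parts of a version, e.g. '1.63.0' -> (1, 63, 0); None if absent."""
    match = re.match(r"\d+(?:\.\d+)*", version)
    if match is None:
        return None
    parts = match.group(0).split(".")
    return tuple(int(p) for p in parts) + (0,) * (3 - len(parts))

def vulnerable_nodes(report):
    """Return (line_number, resolved_version) for each ARTIFACT node below FIXED."""
    hits = []
    for number, line in enumerate(report.splitlines(), start=1):
        node = NODE.search(line)
        if not node or node.group(1) != ARTIFACT:
            continue
        resolved = node.group(3) or node.group(2)  # "-> x" overrides the requested version
        version = as_tuple(resolved) if resolved else None
        if version is not None and version < FIXED:
            hits.append((number, resolved))
    return hits

if __name__ == "__main__":
    print("before:", vulnerable_nodes(BEFORE))
    print("after: ", vulnerable_nodes(AFTER))
```

The check looks at the resolved version (the value after `->`), so a transitive request for 1.63.0 that the BOM upgrades to 1.75.0 is not reported.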