diff --git a/core/src/main/java/org/springframework/security/util/matcher/InetAddressMatchers.java b/core/src/main/java/org/springframework/security/util/matcher/InetAddressMatchers.java
index dbe4e7be654..b80dde22a2e 100644
--- a/core/src/main/java/org/springframework/security/util/matcher/InetAddressMatchers.java
+++ b/core/src/main/java/org/springframework/security/util/matcher/InetAddressMatchers.java
@@ -31,6 +31,7 @@
  * strategies for IP addresses.
  *
  * @author Rob Winch
+ * @author Andrey Litvitski
  * @since 7.1
  */
 public final class InetAddressMatchers {
@@ -256,6 +257,9 @@ public boolean matches(@Nullable InetAddress address) {
 			if (address == null) {
 				return false;
 			}
+			if (address.isAnyLocalAddress()) {
+				return true;
+			}
 			if (address.isLoopbackAddress() || address.isLinkLocalAddress() || address.isSiteLocalAddress()) {
 				return true;
 			}
@@ -335,6 +339,9 @@ private ExternalInetAddressMatcher() {
 
 		@Override
 		public boolean matches(@Nullable InetAddress address) {
+			if (address == null) {
+				return false;
+			}
 			return !this.internalMatcher.matches(address);
 		}
 
diff --git a/core/src/test/java/org/springframework/security/util/matcher/InetAddressMatchersTests.java b/core/src/test/java/org/springframework/security/util/matcher/InetAddressMatchersTests.java
index 387af3c3814..ae25a862065 100644
--- a/core/src/test/java/org/springframework/security/util/matcher/InetAddressMatchersTests.java
+++ b/core/src/test/java/org/springframework/security/util/matcher/InetAddressMatchersTests.java
@@ -31,6 +31,7 @@
  * Tests for {@link InetAddressMatchers}.
  *
  * @author Rob Winch
+ * @author Andrey Litvitski
  */
 class InetAddressMatchersTests {
 
@@ -51,6 +52,12 @@ void matchInternalWhenInvokedThenReturnsBuilder() {
 		assertThat(builder).isNotNull();
 	}
 
+	@Test
+	void matchesWhenInetAddressNullThenReturnsFalse() {
+		InetAddressMatcher matcher = InetAddressMatchers.matchExternal().build();
+		assertThat(matcher.matches((InetAddress) null)).isFalse();
+	}
+
 	@Nested
 	class BuilderTests {
 
@@ -410,6 +417,13 @@ void matchesWhenIpv6PublicThenReturnsFalse() throws Exception {
 			assertThat(matcher.matches(InetAddress.getByName("2001:4860:4860::8888"))).isFalse();
 		}
 
+		@ParameterizedTest
+		@ValueSource(strings = { "0.0.0.0", "::" })
+		void matchesWhenWildcardAddressThenReturnsFalse(String address) throws Exception {
+			InetAddressMatcher matcher = InetAddressMatchers.matchExternal().build();
+			assertThat(matcher.matches(InetAddress.getByName(address))).isFalse();
+		}
+
 	}
 
 	@Nested