CVE-2025-35036

{"id": "CVE-2025-35036", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-03T20:15:21.993", "references": [{"url": "https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext", "tags": ["Product"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e", "tags": ["Patch"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1", "tags": ["Patch"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78", "tags": ["Patch"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893", "tags": ["Patch"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final", "tags": ["Release Notes"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://github.com/hibernate/hibernate-validator/pull/1138", "tags": ["Issue Tracking"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://hibernate.atlassian.net/browse/HV-1816", "tags": ["Issue Tracking"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1", "tags": ["Release Notes"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language", "tags": ["Release Notes"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/", "tags": ["Not Applicable"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2020-5245", "tags": ["Not Applicable"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-4428", "tags": ["Not Applicable"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as of 6.2.0 and 7.0.0 no longer interpolates custom constraint violation messages with Expression Language and strongly recommends not allowing user-supplied input in constraint violation messages. CVE-2020-5245 and CVE-2025-4428 are examples of related, downstream vulnerabilities involving Expression Language intepolation of user-supplied data."}, {"lang": "es", "value": "Hibernate Validator, en versiones anteriores a la 6.2.0 y la 7.0.0, puede, de forma predeterminada y seg\u00fan su uso, interpolar la informaci\u00f3n proporcionada por el usuario en un mensaje de violaci\u00f3n de restricciones con Expression Language. Esto podr\u00eda permitir a un atacante acceder a informaci\u00f3n confidencial o ejecutar c\u00f3digo Java arbitrario. Hibernate Validator, a partir de la 6.2.0 y la 7.0.0, ya no interpola mensajes personalizados de violaci\u00f3n de restricciones con Expression Language y recomienda encarecidamente no permitir la informaci\u00f3n proporcionada por el usuario en dichos mensajes. CVE-2020-5245 y CVE-2025-4428 son ejemplos de vulnerabilidades relacionadas con la interpolaci\u00f3n de datos proporcionados por el usuario en Expression Language."}], "lastModified": "2025-09-18T14:19:46.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:hibernate_validator:*:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80FD9DDB-71F3-44F1-A033-68CD4ABE3689", "versionEndExcluding": "6.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725"}