CVE-2025-35036

CVSS v3.1

7.3

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVE-2025-35036 Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expres… https://t.co/002YgA2hEa

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2025-35036

GHSA-7V6M-28JR-RG84

RHSA-2025:10924

RHSA-2025:10925

RHSA-2025:10926

Affected Products

Hibernate Validator

Libhibernate-Validator-Java

Libhibernate-Validator4-Java

Org.Hibernate.Validator:Hibernate-Validator

Org.Hibernate:Hibernate-Validator

CVE-2025-35036

Weakness Enumeration

Related Identifiers

Affected Products

References · 26