[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-UBUNTU-CVE-2025-35036":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":17,"related":18,"reserved_at":9,"published_at":19,"modified_at":20,"state":9,"summary":21,"references_raw":23,"kevs":86,"epss":9,"epss_history":87,"metrics":88,"affected":98},"UBUNTU-CVE-2025-35036","Hibernate Validator before 6.2.0 and 7.0.0, by default and depending on how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as of 6.2.0 and 7.0.0 no longer interpolates custom constraint violation messages with Expression Language and strongly recommends not allowing user-supplied input in constraint violation messages. CVE-2020-5245 and CVE-2025-4428 are examples of related, downstream vulnerabilities involving Expression Language interpolation of user-supplied 
data.",null,[],[],[],[14],{"_key":15},"CVE-2025-35036",[],[],[],"2025-06-03T20:15:00Z","2026-05-20T16:21:24.707128083Z",{"cisa_kev":22,"cisa_ransomware":22,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[24,30,34,38,42,46,50,54,58,62,66,70,74,78,82],{"url":25,"sources":26,"tags":28},"https://ubuntu.com/security/CVE-2025-35036",[27],"osv_ubuntu",[29],"REPORT",{"url":31,"sources":32,"tags":33},"https://www.cve.org/CVERecord?id=CVE-2025-35036",[27],[29],{"url":35,"sources":36,"tags":37},"https://hibernate.atlassian.net/browse/HV-1816",[27],[29],{"url":39,"sources":40,"tags":41},"https://github.com/hibernate/hibernate-validator/pull/1138",[27],[29],{"url":43,"sources":44,"tags":45},"https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e",[27],[29],{"url":47,"sources":48,"tags":49},"https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1",[27],[29],{"url":51,"sources":52,"tags":53},"https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893",[27],[29],{"url":55,"sources":56,"tags":57},"https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78",[27],[29],{"url":59,"sources":60,"tags":61},"https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext",[27],[29],{"url":63,"sources":64,"tags":65},"https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final",[27],[29],{"url":67,"sources":68,"tags":69},"https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1",[27],[29],{"url":71,"sources":72,"tags":73},"https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language",[27],[29],{"url":75,"sources":76,"tags":77},"https://labs.watchtowr.com/expression-payloads-meet-mayhem
-cve-2025-4427-and-cve-2025-4428/",[27],[29],{"url":79,"sources":80,"tags":81},"https://www.cve.org/CVERecord?id=CVE-2020-5245",[27],[29],{"url":83,"sources":84,"tags":85},"https://www.cve.org/CVERecord?id=CVE-2025-4428",[27],[29],[],[],[89],{"source":27,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":90,"cvss_v4_0":95},{"baseScore":91,"baseSeverity":9,"vectorString":92,"impactScore":93,"exploitabilityScore":94},7.3,"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",5.7,10,{"baseScore":96,"baseSeverity":9,"vectorString":97,"impactScore":9,"exploitabilityScore":9},6.9,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",[99,115],{"ecosystem":100,"name":101,"vendor":102,"product":101,"cpe_part":9,"purl_type":103,"purl_namespace":102,"purl_name":101,"source":9,"versions":104},"Ubuntu","libhibernate-validator-java","ubuntu","deb",[105,109,110,111,112,113,114],{"version":106,"is_range":107,"range_type":108,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all",true,"ecosystem",{"version":106,"is_range":107,"range_type":108,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":106,"is_range":107,"range_type":108,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":106,"is_range":107,"range_type":108,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":106,"is_range":107,"range_type":108,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":106,"is_range":107,"range_type":108,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":106,"is_range":107,"range_type":108,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":100,"name":116,"vendor":102,"product":116,"cpe_part":9,"purl_type":103,"purl_namespace":102,"purl_name":116,"source":9,"ve
rsions":117},"libhibernate-validator4-java",[118,119,120,121,122],{"version":106,"is_range":107,"range_type":108,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":106,"is_range":107,"range_type":108,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":106,"is_range":107,"range_type":108,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":106,"is_range":107,"range_type":108,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"version":106,"is_range":107,"range_type":108,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9}]