EUVD-2025-16774

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Hibernate Validator prior to 6.2.0 and 7.0.0 allows user input interpolation in messages, risking data access.

Reporter	Title	Published	Views	Family All 120
GithubExploit	Exploit for Code Injection in Ivanti Endpoint_Manager_Mobile	16 May 202500:42	–	githubexploit
GithubExploit	Exploit for Authentication Bypass Using an Alternate Path or Channel in Ivanti Endpoint_Manager_Mobile	15 May 202513:59	–	githubexploit
GithubExploit	Exploit for Authentication Bypass Using an Alternate Path or Channel in Ivanti Endpoint_Manager_Mobile	31 Aug 202519:00	–	githubexploit
ATTACKERKB	CVE-2025-4428	13 May 202500:00	–	attackerkb
ATTACKERKB	CVE-2025-4427	13 May 202500:00	–	attackerkb
Information Security Automation	June Linux Patch Wednesday	1 Jul 202511:28	–	avleonov
BDU FSTEC	The vulnerability of the Dropwizard-Validation software lies in its inability to properly eliminate special elements, allowing attackers to execute arbitrary code with privileges of the Dropwizard service account.	11 May 202200:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the application interface for managing the lifecycle of mobile devices and mobile applications in Ivanti Endpoint Manager Mobile (EPMM) – previously known as MobileIron Core – allows a malicious actor to circumvent security restrictions and gain unauthorized access to protected information.	28 May 202500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the application interface for managing the lifecycle of mobile devices and Ivanti Endpoint Manager Mobile (EPMM) (formerly MobileIron Core) allows a perpetrator to execute arbitrary code.	21 May 202500:00	–	bdu_fstec
Circl	CVE-2020-5245	14 Apr 202011:14	–	circl

[
  {
    "enisaIdVendor": [
      {
        "id": "9861fc71-f5a8-34c2-ba43-0a466eb02b1c",
        "vendor": {
          "name": "Hibernate"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "44d56026-a1fc-33d9-8b3f-1e0de057d876",
        "product": {
          "name": "Hibernate Validator"
        },
        "product_version": "0 <7.0.0"
      },
      {
        "id": "7d9306c3-e9bc-3344-b060-bc75767070c3",
        "product": {
          "name": "Hibernate Validator"
        },
        "product_version": "0 <6.2.0"
      },
      {
        "id": "8b1653d1-8a15-34f8-a401-5ffebe3d417b",
        "product": {
          "name": "Hibernate Validator"
        },
        "product_version": ""
      }
    ]
  }
]

Source	Link
hibernate	www.hibernate.org/validator/documentation/migration-guide/
in	www.in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/
docs	www.docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/
hibernate	www.hibernate.atlassian.net/browse/HV-1816
github	www.github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final
github	www.github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e
github	www.github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1
github	www.github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893
labs	www.labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/
github	www.github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78

03 Oct 2025 20:07Current

8.1High risk

Vulners AI Score8.1

CVSS 3.17.3 - 8.8

CVSS 29

CVSS 46.9

EPSS0.91261

SSVC