CVE-2025-35036 [Medium] | Code Injection in Hibernate Validator

Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as of 6.2.0 and 7.0.0 no longer interpolates custom constraint violation messages with Expression Language and strongly recommends not allowing user-supplied input in constraint violation messages. CVE-2020-5245 and CVE-2025-4428 are examples of related, downstream vulnerabilities involving Expression Language intepolation of user-supplied data.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-04-25	1.87%	1.69%	-0.18%
2	2026-04-22	1.69%	1.87%	+0.18%
3	2026-03-30	—	1.69%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-04-25

1.87%

1.69%

-0.18%

2026-04-22

1.69%

1.87%

+0.18%

2026-03-30

—

1.69%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
6.9	4.0	MEDIUM	`CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network. Attack complexity (AC:L) Exploitation conditions are straightforward and stable. Attack requirements (AT:N) No additional preconditions are required beyond normal reachability. Privileges required (PR:N) No privileges are required. User interaction (UI:N) No user interaction is required. Vulnerable system confidentiality impact (VC:L) Limited confidentiality impact on the vulnerable system. Vulnerable system integrity impact (VI:L) Limited integrity impact on the vulnerable system. Vulnerable system availability impact (VA:L) Limited availability impact on the vulnerable system. Subsequent system confidentiality impact (SC:N) No confidentiality impact on subsequent systems. Subsequent system integrity impact (SI:N) No integrity impact on subsequent systems. Subsequent system availability impact (SA:N) No availability impact on subsequent systems. Exploit maturity (threat) (E:X) Not defined: no reliable threat intelligence; scoring assumes the worst case (equivalent to Attacked). Confidentiality requirement (CR:X) Not defined: insufficient information; scoring treats this like High (worst case). Integrity requirement (IR:X) Not defined: insufficient information; scoring treats this like High (worst case). Availability requirement (AR:X) Not defined: insufficient information; scoring treats this like High (worst case). Modified attack vector (MAV:X) Not defined: scoring uses the Base Attack Vector (AV). Modified attack complexity (MAC:X) Not defined: scoring uses the Base Attack Complexity (AC). Modified attack requirements (MAT:X) Not defined: scoring uses the Base Attack Requirements (AT). Modified privileges required (MPR:X) Not defined: scoring uses the Base Privileges Required (PR). Modified user interaction (MUI:X) Not defined: scoring uses the Base User Interaction (UI). Modified vulnerable system confidentiality impact (MVC:X) Not defined: scoring uses the Base VC metric. Modified vulnerable system integrity impact (MVI:X) Not defined: scoring uses the Base VI metric. Modified vulnerable system availability impact (MVA:X) Not defined: scoring uses the Base VA metric. Modified subsequent system confidentiality impact (MSC:X) Not defined: scoring uses the Base SC metric. Modified subsequent system integrity impact (MSI:X) Not defined: scoring uses the Base SI metric. Modified subsequent system availability impact (MSA:X) Not defined: scoring uses the Base SA metric. Safety (supplemental) (S:X) Not evaluated. Automatable (supplemental) (AU:X) Not evaluated. Recovery (supplemental) (R:X) Not evaluated. Value density (supplemental) (V:X) Not evaluated. Vulnerability response effort (supplemental) (RE:X) Not evaluated. Provider urgency (supplemental) (U:X) Not evaluated.	—	—	9119a7d8-5eab-497f-8521-727c672e3725
7.3	3.1	HIGH	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L` Click to expand Attack vector (AV:N) Could be attacked over the internet or any normal routed network—not just someone sitting at the machine. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:L) Some sensitive info could get out, but not a total data dump. Integrity (I:L) Attackers could change some data, but it’s limited—not everything goes. Availability (A:L) Might cause slowdowns, glitches, or partial disruption—not a full brick.	3.9	3.4	9119a7d8-5eab-497f-8521-727c672e3725

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

6.9

4.0

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Click to expand

Attack vector (AV:N): Could be attacked over the internet or any normal routed network.
Attack complexity (AC:L): Exploitation conditions are straightforward and stable.
Attack requirements (AT:N): No additional preconditions are required beyond normal reachability.
Privileges required (PR:N): No privileges are required.
User interaction (UI:N): No user interaction is required.
Vulnerable system confidentiality impact (VC:L): Limited confidentiality impact on the vulnerable system.
Vulnerable system integrity impact (VI:L): Limited integrity impact on the vulnerable system.
Vulnerable system availability impact (VA:L): Limited availability impact on the vulnerable system.
Subsequent system confidentiality impact (SC:N): No confidentiality impact on subsequent systems.
Subsequent system integrity impact (SI:N): No integrity impact on subsequent systems.
Subsequent system availability impact (SA:N): No availability impact on subsequent systems.
Exploit maturity (threat) (E:X): Not defined: no reliable threat intelligence; scoring assumes the worst case (equivalent to Attacked).
Confidentiality requirement (CR:X): Not defined: insufficient information; scoring treats this like High (worst case).
Integrity requirement (IR:X): Not defined: insufficient information; scoring treats this like High (worst case).
Availability requirement (AR:X): Not defined: insufficient information; scoring treats this like High (worst case).
Modified attack vector (MAV:X): Not defined: scoring uses the Base Attack Vector (AV).
Modified attack complexity (MAC:X): Not defined: scoring uses the Base Attack Complexity (AC).
Modified attack requirements (MAT:X): Not defined: scoring uses the Base Attack Requirements (AT).
Modified privileges required (MPR:X): Not defined: scoring uses the Base Privileges Required (PR).
Modified user interaction (MUI:X): Not defined: scoring uses the Base User Interaction (UI).
Modified vulnerable system confidentiality impact (MVC:X): Not defined: scoring uses the Base VC metric.
Modified vulnerable system integrity impact (MVI:X): Not defined: scoring uses the Base VI metric.
Modified vulnerable system availability impact (MVA:X): Not defined: scoring uses the Base VA metric.
Modified subsequent system confidentiality impact (MSC:X): Not defined: scoring uses the Base SC metric.
Modified subsequent system integrity impact (MSI:X): Not defined: scoring uses the Base SI metric.
Modified subsequent system availability impact (MSA:X): Not defined: scoring uses the Base SA metric.
Safety (supplemental) (S:X): Not evaluated.
Automatable (supplemental) (AU:X): Not evaluated.
Recovery (supplemental) (R:X): Not evaluated.
Value density (supplemental) (V:X): Not evaluated.
Vulnerability response effort (supplemental) (RE:X): Not evaluated.
Provider urgency (supplemental) (U:X): Not evaluated.

—

9119a7d8-5eab-497f-8521-727c672e3725

7.3

3.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Click to expand

Attack vector (AV:N): Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:L): Some sensitive info could get out, but not a total data dump.
Integrity (I:L): Attackers could change some data, but it’s limited—not everything goes.
Availability (A:L): Might cause slowdowns, glitches, or partial disruption—not a full brick.

3.9

3.4

9119a7d8-5eab-497f-8521-727c672e3725

OS Trackers for CVE-2025-35036

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2025-35036 not yet assigned priority: Debian including 2 source packages (libhibernate-validator-java, libhibernate-validator4-java), 10 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): open 10.	https://security-tracker.debian.org/tracker/CVE-2025-35036
`redhat`	high	—	https://access.redhat.com/security/cve/CVE-2025-35036
`ubuntu`	medium	CVE-2025-35036 medium priority: Ubuntu including 2 source packages (libhibernate-validator-java, libhibernate-validator4-java), 16 status rows across 9 suites (bionic, focal, jammy, noble, oracular, plucky, questing, upstream, xenial): needs-triage 12, ignored 4.	https://ubuntu.com/security/CVE-2025-35036

Affected software / configurations for CVE-2025-35036

Vendor	Product	Version	Raw CPE
redhat	hibernate_validator	< 6.2.0	cpe:2.3:a:redhat:hibernate_validator::-::::::*

References for CVE-2025-35036

URL	Tags
https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext	Product
https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e	Patch
https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1	Patch
https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78	Patch
https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893	Patch
https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final	Release Notes
https://github.com/hibernate/hibernate-validator/pull/1138	Issue Tracking
https://hibernate.atlassian.net/browse/HV-1816	Issue Tracking
https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1	Release Notes
https://in.relation.to/2021/01/06/hibernate-validator-700-62-final-released/#expression-language	Release Notes
https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/	Not Applicable
https://www.cve.org/CVERecord?id=CVE-2020-5245	Not Applicable
https://www.cve.org/CVERecord?id=CVE-2025-4428	Not Applicable

URL

CVE-2025-35036 | hibernate-validator insecure default Expression Language interpolation

Exploit prediction scoring system (EPSS) score for CVE-2025-35036

Common vulnerability scoring system (CVSS) metrics for CVE-2025-35036

Weakness enumeration for CVE-2025-35036

GitHub Security Advisory for CVE-2025-35036

OS Trackers for CVE-2025-35036

Affected software / configurations for CVE-2025-35036

References for CVE-2025-35036