Vulnerability in Jhipster Generator-jhipster-entity-audit
CVE-2025-31119
generator-jhipster-entity-audit is a JHipster module that enables entity auditing and an audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when Javers is selected as the Entity Audit Framework. If an attacker…
EPSS: 0.012 (79.6th percentile)
CVSS v3 metric
CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H.
Affected products
- Jhipster Generator-jhipster-entity-audit — versions < 5.9.1
Weakness classification (CWE)
- Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection)
References
- https://github.com/jhipster/generator-jhipster-entity-audit/security/advisories/GHSA-7rmp-3g9f-cvq8 (x_refsource_CONFIRM)
- https://github.com/jhipster/generator-jhipster-entity-audit/blob/e21e83135d10c77d92203c89cb0b0063914e8fe0/generators/spring-boot-javers/templates/src/main/java/_package_/web/rest/JaversEntityAuditResource.java.ejs#L88 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2025-31119?
  CVE-2025-31119 is a high-severity vulnerability in Jhipster Generator-jhipster-entity-audit, classified under Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection). CVSS score: 7.7/10. Published 2025-04-03.
- How severe is CVE-2025-31119?
  High severity. CVSS v3 base score is 7.7 out of 10.