How severe is CVE-2025-31119?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.6 out of 10.

What type of vulnerability is CVE-2025-31119?

This is classified as CWE-470, which is a common weakness in software security.

CVE-2025-31119 - HIGH Severity | CVSS 7.6

Vulnerability Description

generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes into the classpath and also has access to these REST interface for calling the mentioned REST endpoints, using these lines of code can lead to unintended remote code execution. This vulnerability is fixed in 5.9.1.

Related Vulnerabilities

CVE-2019-10174

HIGH

CVSS:7.5(High)

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's...

CWE-4702019

CVE-2025-2794

HIGH

CVSS:7.5(High)

An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to a Denial-of-Service condition. This issue affects Xperience: through ...

CWE-4702025

CVE-2022-26469

HIGH

CVSS:7.8(High)

In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...

CWE-4702022

CVE-2024-8048

HIGH

CVSS:7.8(High)

In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.

CWE-4702024

CVE-2023-0460

HIGH

CVSS:7.3(High)

The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. T...

CWE-4702023

CVE-2018-5511

HIGH

CVSS:7.2(High)

On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, ...

CWE-4702018