Description

A vulnerability, which was classified as problematic, has been found in joelittlejohn jsonschema2pojo 1.2.2. This issue affects the function apply of the file org/jsonschema2pojo/rules/SchemaRule.java of the component JSON File Handler. The manipulation leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Eine Schwachstelle wurde in joelittlejohn jsonschema2pojo 1.2.2 entdeckt. Sie wurde als problematisch eingestuft. Betroffen davon ist die Funktion apply der Datei org/jsonschema2pojo/rules/SchemaRule.java der Komponente JSON File Handler. Durch das Beeinflussen mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur öffentlichen Verfügung.

Classification

CVE ID: CVE-2025-3588

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.8

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Products

Vendor: joelittlejohn

Product: jsonschema2pojo

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (probability of being exploited)

EPSS Percentile: 1.32% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: poc

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3588
https://vuldb.com/?id.304643
https://vuldb.com/?ctiid.304643
https://vuldb.com/?submit.550136
https://github.com/joelittlejohn/jsonschema2pojo/issues/1672
https://github.com/joelittlejohn/jsonschema2pojo/issues/1672#issue-2968446816

Timeline