High severity7.6NVD Advisory· Published Apr 3, 2025· Updated Apr 15, 2026
CVE-2025-31119
CVE-2025-31119
Description
generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes into the classpath and also has access to these REST interface for calling the mentioned REST endpoints, using these lines of code can lead to unintended remote code execution. This vulnerability is fixed in 5.9.1.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
generator-jhipster-entity-auditnpm | < 5.9.1 | 5.9.1 |
Patches
10ff1137fc89cVulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- github.com/advisories/GHSA-7rmp-3g9f-cvq8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-31119ghsaADVISORY
- github.com/jhipster/generator-jhipster-entity-audit/blob/e21e83135d10c77d92203c89cb0b0063914e8fe0/generators/spring-boot-javers/templates/src/main/java/_package_/web/rest/JaversEntityAuditResource.java.ejsnvdWEB
- github.com/jhipster/generator-jhipster-entity-audit/security/advisories/GHSA-7rmp-3g9f-cvq8nvdWEB
News mentions
0No linked articles in our index yet.