{"api_version":"1","generated_at":"2026-04-22T20:52:21+00:00","cve":"CVE-2020-25638","urls":{"html":"https://cve.report/CVE-2020-25638","api":"https://cve.report/api/cve/CVE-2020-25638.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-25638","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-25638"},"summary":{"title":"CVE-2020-25638","description":"A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2020-12-02 15:15:00","updated_at":"2023-11-07 03:20:00"},"problem_types":["CWE-89"],"metrics":[],"references":[{"url":"https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E","name":"[turbine-dev] 20211015 Fulcrum Security Hibernate Module","refsource":"","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2021/dsa-4908","name":"DSA-4908","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4908-1 libhibernate3-java","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1881353","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1881353","refsource":"MISC","tags":["Issue Tracking","Third Party Advisory"],"title":"1881353 – (CVE-2020-25638) CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","name":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - April 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df@%3Ccommits.turbine.apache.org%3E","name":"[turbine-commits] 20211018 [turbine-fulcrum-security] 02/02: disable module hibernate (JIRA issue TRB-103), update docs, remove suppression","refsource":"MLIST","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00000.html","name":"[debian-lts-announce] 20210103 [SECURITY] [DLA 2512-1] libhibernate3-java security update","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 2512-1] libhibernate3-java security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","name":"N/A","refsource":"N/A","tags":[],"title":"Oracle Critical Patch Update Advisory - July 2021","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44@%3Cdev.turbine.apache.org%3E","name":"[turbine-dev] 20211015 Fulcrum Security Hibernate Module","refsource":"MLIST","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df%40%3Ccommits.turbine.apache.org%3E","name":"[turbine-commits] 20211018 [turbine-fulcrum-security] 02/02: disable module hibernate (JIRA issue TRB-103), update docs, remove suppression","refsource":"","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","name":"N/A","refsource":"N/A","tags":[],"title":"Oracle Critical Patch Update Advisory - July 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-25638","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25638","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"25638","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"25638","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"25638","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"25638","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hibernate","cpe5":"hibernate_orm","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"25638","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hibernate","cpe5":"hibernate_orm","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"25638","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"communications_cloud_native_core_console","cpe6":"1.9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"25638","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"retail_customer_management_and_segmentation_foundation","cpe6":"19.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"25638","vulnerable":"1","versionEndIncluding":"1.9.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"quarkus","cpe5":"quarkus","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-25638","qid":"150676","title":"Oracle WebLogic Server Multiple Vulnerabilities (APR-2023)"},{"cve":"CVE-2020-25638","qid":"178572","title":"Debian Security Update for libhibernate3-java (DSA 4908-1)"},{"cve":"CVE-2020-25638","qid":"239760","title":"Red Hat Update for red hat jboss web server 5.5.0 (RHSA-2021:2561)"},{"cve":"CVE-2020-25638","qid":"87542","title":"Oracle WebLogic Server Multiple Vulnerabilities (CPUAPR2023)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-25638","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"hibernate-core","version":{"version_data":[{"version_value":"Hibernate ORM versions before 5.4.24.Final"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-89"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1881353","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1881353"},{"refsource":"MLIST","name":"[debian-lts-announce] 20210103 [SECURITY] [DLA 2512-1] libhibernate3-java security update","url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00000.html"},{"refsource":"DEBIAN","name":"DSA-4908","url":"https://www.debian.org/security/2021/dsa-4908"},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","refsource":"MISC","name":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"refsource":"MLIST","name":"[turbine-dev] 20211015 Fulcrum Security Hibernate Module","url":"https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44@%3Cdev.turbine.apache.org%3E"},{"refsource":"MLIST","name":"[turbine-commits] 20211018 [turbine-fulcrum-security] 02/02: disable module hibernate (JIRA issue TRB-103), update docs, remove suppression","url":"https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df@%3Ccommits.turbine.apache.org%3E"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpujul2022.html"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity."}]}},"nvd":{"publishedDate":"2020-12-02 15:15:00","lastModifiedDate":"2023-11-07 03:20:00","problem_types":["CWE-89"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":7.4,"baseSeverity":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.2},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hibernate:hibernate_orm:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.0","versionEndExcluding":"5.4.24","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hibernate:hibernate_orm:*:*:*:*:*:*:*:*","versionEndExcluding":"5.3.20","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*","versionEndIncluding":"1.9.2","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"25638","Ordinal":"187055","Title":"CVE-2020-25638","CVE":"CVE-2020-25638","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"25638","Ordinal":"1","NoteData":"A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"25638","Ordinal":"2","NoteData":"2020-12-02","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"25638","Ordinal":"3","NoteData":"2021-10-18","Type":"Other","Title":"Modified"}]}}}