Home > Vulnerability Database > CVE-2025-31129

Mend.io Vulnerability Database

CVE-2025-31129

Good to know:

Date: March 31, 2025

Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.internal.pac4j.SessionStoreImpl#get module deserializes untrusted data. This vulnerability is fixed in 2.17.0 (2.x) and 3.7.0 (3.x).

Severity Score

8.8

Related Resources (7)

Url: https://github.com/jooby-project/jooby/security/advisories/GHSA-7c5v-895v-w4q5

Url: https://github.com/jooby-project/jooby/blob/v2.x/modules/jooby-pac4j/src/main/java/io/jooby/internal/pac4j/SessionStoreImpl.java#L39-L45

Url: https://github.com/jooby-project/jooby

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-31129

Url: https://github.com/jooby-project/jooby/blob/v3.6.1/modules/jooby-pac4j/src/main/java/io/jooby/internal/pac4j/SessionStoreImpl.java#L77-L84

Url: https://github.com/jooby-project/jooby/commit/3e13562cf36d7407813eae464e0f4b598de15692

Url: https://www.mend.io/vulnerability-database/CVE-2025-31129

Severity Score

8.8

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

Top Fix

Upgrade Version

Upgrade to version io.jooby:jooby-pac4j:2.16.4;io.jooby:jooby-pac4j:3.7.0;https://github.com/jooby-project/jooby.git - v2.17.0;https://github.com/jooby-project/jooby.git - v3.7.0

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-31129

Good to know:

Date: March 31, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?