CVE-2025-3588: jsonschema2pojo has Improper Restriction of Operations within the Bounds of a Memory Buffer

April 14, 2025

A vulnerability, which was classified as problematic, has been found in joelittlejohn jsonschema2pojo 1.2.2. This issue affects the function apply of the file org/jsonschema2pojo/rules/SchemaRule.java of the component JSON File Handler. The manipulation leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

github.com/advisories/GHSA-66rc-vg9f-48m7
github.com/joelittlejohn/jsonschema2pojo
github.com/joelittlejohn/jsonschema2pojo/issues/1672
nvd.nist.gov/vuln/detail/CVE-2025-3588
vuldb.com/?ctiid.304643
vuldb.com/?id.304643
vuldb.com/?submit.550136

Code Behaviors & Features

Detect and mitigate CVE-2025-3588 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →