High severity | NVD Advisory · Published Jun 10, 2022 · Updated Sep 16, 2024
Deserialization of Untrusted Data
CVE-2022-25845
Description
The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: if upgrading is not possible, you can enable safeMode.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.alibaba:fastjson (Maven) | >= 1.2.25, < 1.2.83 | 1.2.83 |
Affected products
- com.alibaba/fastjson
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-pv7h-hx5h-mgfj (GHSA advisory)
- nvd.nist.gov/vuln/detail/CVE-2022-25845 (NVD advisory)
- github.com/alibaba/fastjson/commit/35db4adad70c32089542f23c272def1ad920a60d (fix commit)
- github.com/alibaba/fastjson/commit/8f3410f81cbd437f7c459f8868445d50ad301f15 (fix commit)
- github.com/alibaba/fastjson/releases/tag/1.2.83 (release)
- snyk.io/vuln/SNYK-JAVA-COMALIBABA-2859222 (Snyk advisory)
- www.ddosi.org/fastjson-poc (web)
- www.ddosi.org/fastjson-poc/ (MITRE reference)
- www.oracle.com/security-alerts/cpujul2022.html (Oracle Critical Patch Update, July 2022)