Unrated severityNVD Advisory· Published Sep 3, 2025· Updated Nov 3, 2025

CVE-2025-57052

Description

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.

Affected products

cJSON/cJSONdescription
Davegamble/cjson/Cjsonllm-fuzzy
Range: >=1.5.0, <=1.7.18

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

x-0r.com/posts/cJSON-Array-Index-Parsing-Vulnerabilitymitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000