Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-kxqr-n7bu-mfaq
Vulnerability ID VCID-kxqr-n7bu-mfaq
Aliases CVE-2022-25845
GHSA-pv7h-hx5h-mgfj
Summary fastjson: autoType shutdown restriction bypass leads to deserialization
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-502 Deserialization of Untrusted Data
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 8.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25845.json
epss 0.88936 https://api.first.org/data/v1/epss?cve=CVE-2022-25845
epss 0.88936 https://api.first.org/data/v1/epss?cve=CVE-2022-25845
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-pv7h-hx5h-mgfj
cvssv3.1 8.1 https://github.com/alibaba/fastjson
generic_textual HIGH https://github.com/alibaba/fastjson
cvssv3.1 8.1 https://github.com/alibaba/fastjson/commit/35db4adad70c32089542f23c272def1ad920a60d
generic_textual HIGH https://github.com/alibaba/fastjson/commit/35db4adad70c32089542f23c272def1ad920a60d
cvssv3.1 8.1 https://github.com/alibaba/fastjson/commit/8f3410f81cbd437f7c459f8868445d50ad301f15
generic_textual HIGH https://github.com/alibaba/fastjson/commit/8f3410f81cbd437f7c459f8868445d50ad301f15
cvssv3.1 8.1 https://github.com/alibaba/fastjson/releases/tag/1.2.83
generic_textual HIGH https://github.com/alibaba/fastjson/releases/tag/1.2.83
cvssv3.1 8.1 https://github.com/alibaba/fastjson/wiki/security_update_20220523
generic_textual HIGH https://github.com/alibaba/fastjson/wiki/security_update_20220523
cvssv3.1 8.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25845
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2022-25845
cvssv3.1 8.1 https://snyk.io/vuln/SNYK-JAVA-COMALIBABA-2859222
generic_textual HIGH https://snyk.io/vuln/SNYK-JAVA-COMALIBABA-2859222
cvssv3.1 8.1 https://www.ddosi.org/fastjson-poc
generic_textual HIGH https://www.ddosi.org/fastjson-poc
cvssv3.1 8.1 https://www.oracle.com/security-alerts/cpujul2022.html
generic_textual HIGH https://www.oracle.com/security-alerts/cpujul2022.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25845.json
https://api.first.org/data/v1/epss?cve=CVE-2022-25845
https://github.com/alibaba/fastjson
https://github.com/alibaba/fastjson/commit/35db4adad70c32089542f23c272def1ad920a60d
https://github.com/alibaba/fastjson/commit/8f3410f81cbd437f7c459f8868445d50ad301f15
https://github.com/alibaba/fastjson/releases/tag/1.2.83
https://github.com/alibaba/fastjson/wiki/security_update_20220523
https://nvd.nist.gov/vuln/detail/CVE-2022-25845
https://snyk.io/vuln/SNYK-JAVA-COMALIBABA-2859222
https://www.ddosi.org/fastjson-poc
https://www.ddosi.org/fastjson-poc/
https://www.oracle.com/security-alerts/cpujul2022.html
2100654 https://bugzilla.redhat.com/show_bug.cgi?id=2100654
GHSA-pv7h-hx5h-mgfj https://github.com/advisories/GHSA-pv7h-hx5h-mgfj
RHSA-2022:5532 https://access.redhat.com/errata/RHSA-2022:5532
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25845.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/alibaba/fastjson
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/alibaba/fastjson/commit/35db4adad70c32089542f23c272def1ad920a60d
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/alibaba/fastjson/commit/8f3410f81cbd437f7c459f8868445d50ad301f15
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/alibaba/fastjson/releases/tag/1.2.83
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/alibaba/fastjson/wiki/security_update_20220523
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-25845
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://snyk.io/vuln/SNYK-JAVA-COMALIBABA-2859222
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.ddosi.org/fastjson-poc
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/security-alerts/cpujul2022.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.9954
EPSS Score 0.88936
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:13:01.433933+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25845.json 38.6.0