{"uuid": "e4ddf8ac-aa24-4d31-b96f-58d9c0ac2b98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25845", "type": "published-proof-of-concept", "source": "https://t.me/cKure/9819", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Zero-Day: Cybersecurity researchers have detailed a recently patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution.\n\nTracked as CVE-2022-25845 (CVSS score: 8.1), the issue relates to a case of deserialization of untrusted data in a supported feature called \"AutoType.\" It was patched by the project maintainers in version 1.2.83 released on May 23, 2022.\n\nhttps://github.com/alibaba/fastjson/wiki/security_update_20220523\n\nhttps://amp.thehackernews.com/thn/2022/06/high-severity-rce-vulnerability.html", "creation_timestamp": "2022-06-25T18:55:53.000000Z"}