CVE-2022-25845

Description from NVD

The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).

Information Acquisition Date:2022-06-17T14:54Z

CVSS 2.0: 0.0 None CVSS 3.x: 8.1 HIGH

NVD References

N/A
source:CONFIRM
tags:

Refer to Information on External Sites

CVE Infomation	Exploits or more Infomation
mitre	EXPLOIT DATABASE
NVD	0day.today
vulmon.com	github
CVE Details	Twitter
JVN ENG JPN
Reconshell

Software Tag: Apache(1 tweets) Java(2 tweets) Wordpress(2 tweets)

List of frequently cited URLs

URL	Num of Times Referred to
https://cvetrends.com	55
https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjso...	13
https://thehackernews.com/2022/06/high-severity-rce-vulnera...	9
https://rssfeeds.cloudsite.builders/2022/06/14/cve-2022-258...	4
https://opsmtrs.com/3tbAFrI	3

▼ Show Information from Twitter(68)

User	URL	Info Source	Date
CVEreport	https://cve.report/CVE-2022-25845	Source CVEreport 1535354416810926083	2022/06/11
threatintelctr	https://nvd.nist.gov/vuln/detail/CVE-2022-25845	Source threatintelctr 1535361985751269377	2022/06/11
threatintelctr	https://nvd.nist.gov/vuln/detail/CVE-2022-25845	Source threatintelctr 1535369532025765888	2022/06/11
CVEnew	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25845	Source CVEnew 1535377575685537793	2022/06/11
vulnonym	None	Source vulnonym 1535420953055969286	2022/06/11
eyeTSystems	https://ift.tt/egipVYK	Source eyeTSystems 1535554882270273537	2022/06/11
eyeTSystems	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25845	Source eyeTSystems 1535554882270273537	2022/06/11
threatmeter	https://ift.tt/3ACqFvZ	Source threatmeter 1535892215406501888	2022/06/12
_r_netsec	https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjso...	Source _r_netsec 1536735993889316864	2022/06/15
Myinfosecfeed	https://ift.tt/LpSJDWG	Source Myinfosecfeed 1536737411014721538	2022/06/15
CybrXx0	https://ift.tt/dbXscfy	Source CybrXx0 1536740220351262721	2022/06/15
ipssignatures	https://twitter.com/search?src=sprv&q=CVE-2022-25845	Source ipssignatures 1536801654170861573	2022/06/15
ipssignatures	https://twitter.com/_r_netsec/status/1536735993889316864	Source ipssignatures 1536801654967832576	2022/06/15
NewsPlopcom	https://rssfeeds.cloudsite.builders/2022/06/14/cve-2022-258...	Source NewsPlopcom 1536803795979714564	2022/06/15
RSSFeedsCloud	https://rssfeeds.cloudsite.builders/2022/06/14/cve-2022-258...	Source RSSFeedsCloud 1536803807518248960	2022/06/15
QuickCartWP	https://rssfeeds.cloudsite.builders/2022/06/14/cve-2022-258...	Source QuickCartWP 1536803816523411456	2022/06/15
sitedataseo	https://rssfeeds.cloudsite.builders/2022/06/14/cve-2022-258...	Source sitedataseo 1536803865143693312	2022/06/15
axcheron	https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjso...	Source axcheron 1536851925509062656	2022/06/15
greyhathackr	https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjso...	Source greyhathackr 1536893680270835712	2022/06/15
beingsheerazali	https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjso...	Source beingsheerazali 1536950440793116672	2022/06/15
Dinosn	https://www.reddit.com/r/netsec/comments/vc6a3p/cve20222584...	Source Dinosn 1536978917424340992	2022/06/15
buaqbot	https://ift.tt/DV5RXF7	Source buaqbot 1536994510999277569	2022/06/15
buaqbot	https://ift.tt/XfxIkHK	Source buaqbot 1536994510999277569	2022/06/15
ipssignatures	https://twitter.com/Dinosn/status/1536978917424340992	Source ipssignatures 1537013546873135104	2022/06/15
CoreSenses	https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjso...	Source CoreSenses 1537106093649846273	2022/06/16
ManuelDantas	https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjso...	Source ManuelDantas 1537174934790750209	2022/06/16
ManuelDantas	https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjso...	Source ManuelDantas 1537176468949803008	2022/06/16
opsmatters_uk	https://opsmtrs.com/3tbAFrI	Source opsmatters_uk 1537252857363185665	2022/06/16
TheHackersNews	https://thehackernews.com/2022/06/high-severity-rce-vulnera...	Source TheHackersNews 1537351630877696000	2022/06/16
_DrFrusci	https://thehackernews.com/2022/06/high-severity-rce-vulnera...	Source _DrFrusci 1537351847459135488	2022/06/16
Swati_THN	https://thehackernews.com/2022/06/high-severity-rce-vulnera...	Source Swati_THN 1537357058885832705	2022/06/16
shah_sheikh	https://securityaffairs.co/wordpress/132333/security/fastjs...	Source shah_sheikh 1537379850859581440	2022/06/16
shah_sheikh	https://twitter.com/shah_sheikh/status/1537379850859581440/...	Source shah_sheikh 1537379850859581440	2022/06/16
Tango_Ra	https://lnkd.in/d2zNgMCS	Source Tango_Ra 1537380316398116864	2022/06/16
security_wang	https://thehackernews.com/2022/06/high-severity-rce-vulnera...	Source security_wang 1537387257954328576	2022/06/16
unix_root	https://thehackernews.com/2022/06/high-severity-rce-vulnera...	Source unix_root 1537387257983668224	2022/06/16
IT_news_for_all	https://thehackernews.com/2022/06/high-severity-rce-vulnera...	Source IT_news_for_all 1537391685335908352	2022/06/16
IT_news_for_all	https://t.me/s/it_news_for_all/50091	Source IT_news_for_all 1537391685335908352	2022/06/16
jbhall56	https://thehackernews.com/2022/06/high-severity-rce-vulnera...	Source jbhall56 1537398140567011328	2022/06/16
_therealmark_	https://thehackernews.com/2022/06/high-severity-rce-vulnera...	Source _therealmark_ 1537400855787339779	2022/06/16
_therealmark_	https://twitter.com/_therealmark_/status/153740085578733977...	Source _therealmark_ 1537400855787339779	2022/06/16
CVEtrends	https://cvetrends.com	Source CVEtrends 1537419735457009665	2022/06/16
YourAnonRiots	https://thehackernews.com/2022/06/high-severity-rce-vulnera...	Source YourAnonRiots 1537428053487280128	2022/06/16
AnonAnonymous	https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjso...	Source AnonAnonymous 1537432773232734210	2022/06/16
pk_sharma2019	https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjso...	Source pk_sharma2019 1537498222716936199	2022/06/17
pk_sharma2019	https://twitter.com/pk_sharma2019/status/153749822271693619...	Source pk_sharma2019 1537498222716936199	2022/06/17
foxbook	https://securityaffairs.co/wordpress/132333/security/fastjs...	Source foxbook 1537539723421425667	2022/06/17
ksg93rd	https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjso...	Source ksg93rd 1537637402424098816	2022/06/17
csirt_it	https://twitter.com/csirt_it/status/1537693603832778752/pho...	Source csirt_it 1537693603832778752	2022/06/17
kawada_syogo225	https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjso...	Source kawada_syogo225 1537695376022458368	2022/06/17
nicolaferrini	http://csirt.gov.it/contenuti/poc-pubblico-per-lo-sfruttame...	Source nicolaferrini 1537705871647514630	2022/06/17
SinetNews	https://ift.tt/dtEm0P6	Source SinetNews 1537710240623468545	2022/06/17
mattn_jp	https://htn.to/3MYC2pqe2V	Source mattn_jp 1537725288901394432	2022/06/17
Wh0ale	https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjso...	Source Wh0ale 1537749124996423681	2022/06/17
Lulztigre	https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjso...	Source Lulztigre 1537820958421135361	2022/06/18
RemotelyAlerts	http://alerts.remotelyrmm.com/CVE-2022-25845	Source RemotelyAlerts 1537865668451717121	2022/06/18
WolfgangSesin	http://www.sesin.at	Source WolfgangSesin 1538516111305715716	2022/06/19
WolfgangSesin	https://www.sesin.at/2022/06/19/cve-2022-25845-fastjson	Source WolfgangSesin 1538516111305715716	2022/06/19
www_sesin_at	http://www.sesin.at	Source www_sesin_at 1538516112798797826	2022/06/19
www_sesin_at	https://www.sesin.at/2022/06/19/cve-2022-25845-fastjson	Source www_sesin_at 1538516112798797826	2022/06/19
csirt_it	https://www.csirt.gov.it/contenuti/la-settimana-cibernetica...	Source csirt_it 1538773987274240001	2022/06/20
csirt_it	https://twitter.com/csirt_it/status/1538773987274240001/pho...	Source csirt_it 1538773987274240001	2022/06/20
CVEtrends	https://cvetrends.com	Source CVEtrends 1538869289545043970	2022/06/20
CVEtrends	https://cvetrends.com	Source CVEtrends 1539231674675908608	2022/06/21
HEADLINENEWSVZL	https://thehackernews.com/2022/06/high-severity-rce-vulnera...	Source HEADLINENEWSVZL 1539440973310312451	2022/06/22
CVEtrends	https://cvetrends.com	Source CVEtrends 1539594062449315840	2022/06/22
cKure7	https://amp.thehackernews.com/thn/2022/06/high-severity-rce...	Source cKure7 1540770768463704066	2022/06/26
opsmatters_uk	https://opsmtrs.com/3tbAFrI	Source opsmatters_uk 1542316056445853701	2022/06/30

List of frequently cited URLs

URL	Num of Times Referred to
cvetrends.com	55
jfrog.com	13
thehackernews.com	9
rssfeeds.cloudsite.builders	4
opsmtrs.com	3

▼ Show Information from Twitter(68)

User	URL	Info Source
CVEreport	cve.report	Show Tweet
threatintelctr	nvd.nist.gov	Show Tweet
threatintelctr	nvd.nist.gov	Show Tweet
CVEnew	cve.mitre.org	Show Tweet
vulnonym		Show Tweet
eyeTSystems	ift.tt	Show Tweet
eyeTSystems	cve.mitre.org	Show Tweet
threatmeter	ift.tt	Show Tweet
_r_netsec	jfrog.com	Show Tweet
Myinfosecfeed	ift.tt	Show Tweet
CybrXx0	ift.tt	Show Tweet
ipssignatures	twitter.com	Show Tweet
ipssignatures	twitter.com	Show Tweet
NewsPlopcom	rssfeeds.cloudsite.builders	Show Tweet
RSSFeedsCloud	rssfeeds.cloudsite.builders	Show Tweet
QuickCartWP	rssfeeds.cloudsite.builders	Show Tweet
sitedataseo	rssfeeds.cloudsite.builders	Show Tweet
axcheron	jfrog.com	Show Tweet
greyhathackr	jfrog.com	Show Tweet
beingsheerazali	jfrog.com	Show Tweet
Dinosn	reddit.com	Show Tweet
buaqbot	ift.tt	Show Tweet
buaqbot	ift.tt	Show Tweet
ipssignatures	twitter.com	Show Tweet
CoreSenses	jfrog.com	Show Tweet
ManuelDantas	jfrog.com	Show Tweet
ManuelDantas	jfrog.com	Show Tweet
opsmatters_uk	opsmtrs.com	Show Tweet
TheHackersNews	thehackernews.com	Show Tweet
_DrFrusci	thehackernews.com	Show Tweet
Swati_THN	thehackernews.com	Show Tweet
shah_sheikh	securityaffairs.co	Show Tweet
shah_sheikh	twitter.com	Show Tweet
Tango_Ra	lnkd.in	Show Tweet
security_wang	thehackernews.com	Show Tweet
unix_root	thehackernews.com	Show Tweet
IT_news_for_all	thehackernews.com	Show Tweet
IT_news_for_all	t.me	Show Tweet
jbhall56	thehackernews.com	Show Tweet
_therealmark_	thehackernews.com	Show Tweet
_therealmark_	twitter.com	Show Tweet
CVEtrends	cvetrends.com	Show Tweet
YourAnonRiots	thehackernews.com	Show Tweet
AnonAnonymous	jfrog.com	Show Tweet
pk_sharma2019	jfrog.com	Show Tweet
pk_sharma2019	twitter.com	Show Tweet
foxbook	securityaffairs.co	Show Tweet
ksg93rd	jfrog.com	Show Tweet
csirt_it	twitter.com	Show Tweet
kawada_syogo225	jfrog.com	Show Tweet
nicolaferrini	csirt.gov.it	Show Tweet
SinetNews	ift.tt	Show Tweet
mattn_jp	htn.to	Show Tweet
Wh0ale	jfrog.com	Show Tweet
Lulztigre	jfrog.com	Show Tweet
RemotelyAlerts	alerts.remotelyrmm.com	Show Tweet
WolfgangSesin	sesin.at	Show Tweet
WolfgangSesin	sesin.at	Show Tweet
www_sesin_at	sesin.at	Show Tweet
www_sesin_at	sesin.at	Show Tweet
csirt_it	csirt.gov.it	Show Tweet
csirt_it	twitter.com	Show Tweet
CVEtrends	cvetrends.com	Show Tweet
CVEtrends	cvetrends.com	Show Tweet
HEADLINENEWSVZL	thehackernews.com	Show Tweet
CVEtrends	cvetrends.com	Show Tweet
cKure7	amp.thehackernews.com	Show Tweet
opsmatters_uk	opsmtrs.com	Show Tweet

GitHub Search Results: Up to 10

Name	URL
No Data

GitHub Search Results: Up to 10

Name	URL
No Data

2022/06/30 Score : 1
Added Har-sia Database : 2022/06/11
Last Modified : 2022/06/30
Highest Scored Date : 2022/06/16
Highest Score : 18