Tag
cve-2022-25845
Safeguard articles tagged "cve-2022-25845" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Vulnerability Analysis
Fastjson AutoType Bypass RCE (CVE-2022-25845) Explained
CVE-2022-25845 defeated Fastjson's autoType protection and reopened a deserialization RCE path. Here's how the bypass worked and how to lock the library down.
Jul 4, 20265 min read
Vulnerability Analysis
Alibaba fastjson deserialization RCE (CVE-2022-25845)
A critical AutoType-bypass RCE in Alibaba fastjson (CVSS 9.8, EPSS ~99th pct) hits any app parsing untrusted JSON. Here's how to detect and fix it.
Jan 11, 20267 min read