CVE-2022-25845 · CWE-502 · Disclosed 2022-06-10

The package com

ASSESSED — NOISGATE V0.5
01 · The Real Story

This is a spare key hidden under the mat, but only if the attacker already knows your floor plan

CVE-2022-25845 is a Fastjson 1.x deserialization flaw in com.alibaba:fastjson that lets attacker-controlled JSON bypass the default autoType shutdown in certain parsing paths. Authoritative advisories disagree slightly on the lower bound, but the practical affected set is Fastjson releases before 1.2.83, especially applications using JSON.parse or JSON.parseObject on untrusted input without binding to a specific class; Alibaba's security note calls out <=1.2.80, while GitHub's advisory tracks >=1.2.25, <1.2.83.

The vendor's HIGH label is technically defensible in a lab because the bug is unauthenticated, network-reachable, and can end in RCE. In real enterprise estates, though, exploitation is much narrower: the target app must expose a vulnerable generic parse sink, and the attacker still needs a useful Throwable-derived gadget already present in that application's classpath. That combination is uncommon enough that this scores better as MEDIUM for patch scheduling, not because the bug is harmless, but because most deployments will fail before impact.

"Fastjson is noisy here, but real exploitation usually dies on the gadget and sink requirements."
02 · The Attack Path

4 steps from start to impact.

STEP 01

Find a reachable Fastjson parse sink

The attacker needs an HTTP, RPC, or message-driven code path that feeds attacker-controlled JSON into Fastjson's generic parsing APIs such as JSON.parse or JSON.parseObject without specifying a fixed target type. This is the real choke point: a dependency alone is not enough; the application has to use it in the vulnerable way.
Conditions required:
  • Unauthenticated or low-friction remote access to an endpoint that accepts JSON
  • The application uses Fastjson 1.x before 1.2.83
  • User input reaches JSON.parse or JSON.parseObject generically
Where this breaks in practice:
  • Many apps use Fastjson only for serialization or for typed deserialization, which is not the same exposure
  • SCA finds the library, but not whether the vulnerable API sink is actually reachable
  • Modern API stacks often front this with schema validation, DTO binding, or framework parsers that never call the dangerous path
Detection/coverage: Dependency scanners catch the component version reliably; only code-aware SAST or contextual SCA can tell whether the dangerous parse APIs are actually invoked with untrusted input.
STEP 02

Bypass the default autoType restriction

The attacker then sends crafted JSON using @type to reach Fastjson's exception-handling path. JFrog's analysis shows the bypass works because Fastjson still permits deserialization when the target class extends Throwable, despite the default autoType protections.
Conditions required:
  • Special keys like @type are not stripped before parsing
  • Safe Mode is not enabled
  • The request reaches the vulnerable Fastjson parser path intact
Where this breaks in practice:
  • Input normalizers, WAFs, or schema enforcement may reject unexpected @type fields
  • Alibaba's safeMode fully blocks autoType, killing this step outright
  • Some upstream services reserialize or canonicalize JSON, breaking crafted payload structure
Detection/coverage: Web logs and WAF telemetry can sometimes spot @type probes, but coverage is inconsistent because this is library-level behavior, not a distinct network service.
STEP 03

Locate a usable Throwable gadget

This is where most real-world exploit chains collapse. The attacker needs a class already loaded in the target application's classpath that extends Throwable and has constructors and/or setter side effects that can be abused for code execution, file access, SSRF, or data leakage.
Conditions required:
  • A compatible gadget class exists in the target classpath
  • The gadget's constructor or setters can be influenced through JSON fields
  • The gadget produces a meaningful security effect under application privileges
Where this breaks in practice:
  • Public research found this class family severely constrained compared with normal Java deserialization gadgets
  • JFrog noted only a narrow Throwable gadget window and highlighted low-impact public examples rather than turnkey RCE
  • The attacker usually needs target-specific reverse engineering to know which dependencies are present
Detection/coverage: No commodity scanner can prove gadget presence and exploitability at scale without app-specific classpath and code-flow analysis.
STEP 04

Convert gadget execution into impact

If a workable gadget exists, the payload executes with the privileges of the Java process. That can mean data exposure, outbound calls, or in rare cases command execution, but the blast radius is bounded by the app's runtime permissions and containerization.
Conditions required:
  • The Java process has useful OS, network, or data-plane privileges
  • Egress controls or sandboxing do not block the gadget's action
  • The attacker can observe or leverage the resulting effect
Where this breaks in practice:
  • Containerized workloads often run with reduced privileges and limited egress
  • EDR, application allow-listing, or seccomp can break post-deserialization behavior
  • Even successful gadget invocation may only leak limited data instead of granting code execution
Detection/coverage: Impact detection shifts to host and workload telemetry: child-process creation, unusual JVM egress, or anomalous exception objects in app traces.
03 · Intelligence Metadata

The supporting signals.

In-the-wild status: No CISA KEV entry, and I found no authoritative public campaign reporting tying this CVE to broad in-the-wild exploitation. That matters because this is a library bug with heavy preconditions, not a proven mass-exploitation event.
Public exploit / PoC: Yes. The advisory chain references a public PoC at ddosi.org, and JFrog analyzed a published exploit path using crafted @type values. Treat PoC availability as real, but not equal to turnkey enterprise exploitability.
EPSS: User-supplied EPSS is 0.88936; Wiz reports roughly 86.9% probability / 99.4 percentile. That says attackers are interested, not that your specific app has the vulnerable sink and gadget chain.
KEV status: Not KEV-listed as of this assessment. No KEV date or federal due date applies.
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H = remote and no auth, but high attack complexity. That AC:H is not paperwork here; it reflects the very real need for a specific parse sink plus a usable gadget.
Affected versions: GitHub Advisory tracks >=1.2.25, <1.2.83; Alibaba's security update says the risk affects <=1.2.80 in certain dependency conditions. Operationally, treat any Fastjson 1.x below 1.2.83 as suspect until proven otherwise.
Fixed versions: Primary fix is 1.2.83. Alibaba also documents safeMode as a mitigation and provides `_noneautotype` builds for some older branches where compatibility blocks a normal upgrade.
Exposure / scanning reality: This is a buried library, not a bannered network product, so there is no meaningful Shodan/Censys-style exposure count. Your exposure has to be measured through SBOM/SCA, classpath inspection, and ideally code-flow analysis to confirm vulnerable API use.
Disclosure: Published 2022-06-10 in NVD/CVE tracking; Alibaba's release and security note landed in late May to mid-June 2022.
Researcher / reporting: The public deep technical analysis most defenders rely on came from Uriya Yavnieli at JFrog Security Research. Alibaba's own wiki and release note are the primary maintainer-side remediation references.
04 · The Call

noisgate verdict.

Final Verdict
DOWNGRADED to MEDIUM (6.4/10)

The decisive factor is exploit chain fragility: a vulnerable Fastjson version is not enough, because the attacker still needs both a reachable generic parse sink and a useful Throwable-derived gadget in the target classpath. That sharply narrows the exposed population compared with a normal unauthenticated RCE, so the vendor's HIGH overstates what most 10,000-host estates will actually face.

HIGH Component version and fix version (`<1.2.83` / `1.2.83`)
HIGH Exploit preconditions around generic parse APIs and `Throwable` gadget constraints
MEDIUM Population-level severity downgrade across mixed enterprise Java estates

Why this verdict

  • Downward pressure: requires a reachable vulnerable sink — the attacker needs untrusted input to hit JSON.parse or generic JSON.parseObject, not just the dependency on disk.
  • Downward pressure: requires a very specific gadget family — exploitation is constrained to Throwable-derived classes, which is much narrower than classic Java deserialization gadget hunting.
  • Downward pressure: exposure fraction is limited — this is a library embedded inside apps, so internet reachability depends on custom application behavior, not default product exposure.
  • Upward pressure: no auth and remote delivery are possible — if the sink exists, the attacker does not need credentials or user interaction.
  • Upward pressure: high attacker interest — public PoCs exist and EPSS is very high, so you should not ignore this just because KEV is empty.

Why not higher?

A higher score would fit a broadly reachable, repeatable exploit path. This one is not that. The chain is gated by two compounding prerequisites — vulnerable API usage and a usable Throwable gadget — and both sharply reduce the number of real deployments that can be exploited end-to-end.

Why not lower?

This still is not backlog lint. If your app exposes the vulnerable parse path, the attack can be unauthenticated and remote, and the impact can be serious under the app's runtime privileges. Public exploit material and very high EPSS keep this above LOW even though the median deployment is harder to pop than the CVSS headline suggests.

05 · Compensating Control

What to do — in priority order.

  1. Enable safeMode — If you cannot upgrade immediately, turn on Fastjson safeMode to disable autoType outright; Alibaba documents this as blocking the vulnerable behavior. For a MEDIUM verdict there is no mitigation SLA, but this is the cleanest compensating control to deploy during the remediation window when compatibility testing delays the patch.
  2. Hunt generic parse sinks — Search code and runtime traces for JSON.parse( and JSON.parseObject( handling untrusted request bodies, queue messages, or cache entries. Do this early in the 365-day remediation window so you can separate true risk from simple dependency presence and patch the actually exposed apps first.
  3. Block suspicious @type input — At API gateways, WAFs, or schema validators, reject payloads containing unexpected @type fields where the business contract does not require them. There is no mitigation SLA for MEDIUM, but this is a practical blast-radius reducer for internet-facing services while application owners schedule the library upgrade.
  4. Constrain JVM egress and runtime privileges — Limit outbound network access, filesystem reach, and process execution for Java workloads so even a successful gadget has less room to turn deserialization into real impact. Apply this as normal hardening during the remediation cycle, especially for externally reachable Java APIs.
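As an added example (not part of this assessment or of Fastjson itself) of compensating control 3 and the @type probe detection noted under Step 02: a Python gate that decodes a request body, walks every nested object and array, and rejects the payload if an `@type` key appears anywhere except at paths the business contract explicitly allows. The sample bodies and the `com.example.SomeThrowable` class name are constructed placeholders; keys are compared after JSON decoding, so an escaped spelling such as `\u0040type` is caught as well, and the gate fails closed on input it cannot parse because Fastjson accepts looser syntax than a strict parser.

```python
import json
from typing import Any, Iterator, List, Tuple

# Fastjson's polymorphic type marker. Keys are compared after JSON decoding, so an
# escaped spelling such as "\u0040type" in the wire bytes resolves to this same key.
TYPE_KEY = "@type"


def find_type_keys(node: Any, path: str = "$") -> Iterator[str]:
    """Yield a JSONPath-style location for every "@type" key in a decoded document."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == TYPE_KEY:
                yield child
            yield from find_type_keys(value, child)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from find_type_keys(item, f"{path}[{index}]")


def inspect_payload(raw: str, allowed_paths: Tuple[str, ...] = ()) -> Tuple[str, List[str]]:
    """Return ("ACCEPT", []) or ("REJECT", reasons) for one request body.

    allowed_paths lists the only locations where the business contract expects
    an "@type" key; any other occurrence, at any depth, rejects the payload.
    """
    try:
        doc = json.loads(raw)
    except ValueError:
        # Fail closed: Fastjson tolerates looser syntax (single quotes, comments)
        # than this strict parser, so bytes the gate cannot decode are not forwarded.
        return "REJECT", ["$ :: body is not strict JSON"]
    hits = [p for p in find_type_keys(doc) if p not in allowed_paths]
    return ("REJECT", hits) if hits else ("ACCEPT", [])


# Constructed sample bodies (not captured traffic); the class name is a placeholder.
SAMPLES = {
    "benign": '{"user": "alice", "items": [{"sku": "A1", "qty": 2}]}',
    "probe": '{"@type": "com.example.SomeThrowable", "message": "x"}',
    # Raw string keeps the \u0040 escape in the wire bytes for json.loads to decode.
    "escaped": r'{"data": [{"\u0040type": "com.example.SomeThrowable"}]}',
    "contract": '{"payload": {"@type": "OrderV1", "id": 7}}',
    "lenient": "{'user': 'alice'}",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        allowed = ("$.payload.@type",) if name == "contract" else ()
        print(name, inspect_payload(body, allowed))
```

Pair the gate with the typed-DTO binding and safeMode controls above; it reduces probe traffic reaching the parser but does not replace the library upgrade.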
What doesn't work
  • A plain version-only vulnerability scan does not tell you whether the vulnerable API sink is reachable, so it overstates urgency and creates patch noise.
  • Assuming "autoType is disabled by default, therefore we're safe" is exactly the trap here; this CVE is a bypass of that default posture under specific conditions.
  • A generic WAF signature for one public PoC is weak protection because attackers can vary payload structure, and the real exposure is inside application parsing logic.
06 · Verification

Crowdsourced verification payload.

Run this on the target host, container image filesystem, unpacked application directory, or artifact repository mirror where Java JARs live. Invoke it as `python3 fastjson_cve_2022_25845_check.py /opt/apps`; elevated privileges are usually not needed unless you scan restricted directories. It reports VULNERABLE, PATCHED, or UNKNOWN based on the Fastjson artifacts it discovers.

noisgate-verify.py
```python
#!/usr/bin/env python3
# CVE-2022-25845 fastjson exposure checker
# Usage: python3 fastjson_cve_2022_25845_check.py /path/to/search
# Exit codes: 0=PATCHED, 1=VULNERABLE, 2=UNKNOWN, 3=usage/runtime error
#
# Read-only: the script only opens JARs and pom.xml files for reading and
# never modifies anything on the scanned filesystem.

import os
import re
import sys
import zipfile
from typing import Optional, Tuple, List

# First release carrying the primary fix.
TARGET_FIXED = (1, 2, 83)


def normalize_version(raw: str) -> Tuple[Optional[Tuple[int, ...]], str]:
    """Return (numeric tuple, original string); the tuple is None if unparseable."""
    if not raw:
        return None, ""
    raw = raw.strip()
    # Handle versions like 1.2.71_noneautotype by taking the leading dotted numbers.
    m = re.match(r'^(\d+(?:\.\d+)+)', raw)
    if not m:
        return None, raw
    nums = tuple(int(x) for x in m.group(1).split('.'))
    return nums, raw


def version_status(version_raw: str, jar_name: str) -> str:
    """Classify one artifact as PATCHED, VULNERABLE, or UNKNOWN."""
    lower = (version_raw or "").lower() + " " + jar_name.lower()
    # Alibaba's *_noneautotype builds ship with autoType removed; treat as patched.
    if "noneautotype" in lower:
        return "PATCHED"
    nums, _ = normalize_version(version_raw)
    if nums is None:
        return "UNKNOWN"
    if nums >= TARGET_FIXED:
        return "PATCHED"
    return "VULNERABLE"


def read_pom_properties(jar_path: str) -> Optional[str]:
    """Read the version= line from the embedded com/alibaba/fastjson pom.properties."""
    try:
        with zipfile.ZipFile(jar_path, 'r') as zf:
            for name in zf.namelist():
                if name.endswith('pom.properties') and 'com/alibaba/fastjson' in name:
                    data = zf.read(name).decode('utf-8', errors='ignore')
                    for line in data.splitlines():
                        if line.startswith('version='):
                            return line.split('=', 1)[1].strip()
    except Exception:
        # Corrupt, encrypted, or unreadable JAR: fall back to the filename.
        return None
    return None


def infer_version_from_filename(filename: str) -> Optional[str]:
    # Examples:
    # fastjson-1.2.80.jar
    # fastjson-1.2.71_noneautotype.jar
    m = re.search(r'fastjson-([0-9][A-Za-z0-9._-]*)\.jar$', filename, re.IGNORECASE)
    if m:
        return m.group(1)
    return None


def inspect_jar(jar_path: str) -> Tuple[str, str]:
    """Prefer the embedded pom.properties; fall back to the filename."""
    jar_name = os.path.basename(jar_path)
    version = read_pom_properties(jar_path)
    if not version:
        version = infer_version_from_filename(jar_name) or ""
    if not version:
        return "UNKNOWN", f"{jar_path} :: unable to determine version"
    status = version_status(version, jar_name)
    return status, f"{jar_path} :: version={version}"


# Version element of the com.alibaba:fastjson dependency. The lookahead keeps the
# lazy match inside the current <dependency> block so an unversioned (managed)
# fastjson entry cannot borrow the <version> of the next dependency.
POM_VERSION_RE = re.compile(
    r'<artifactId>fastjson</artifactId>(?:(?!</dependency>).)*?<version>([^<]+)</version>',
    re.DOTALL,
)


def inspect_pom(path: str) -> Optional[Tuple[str, str]]:
    """Return a finding for a pom.xml that declares com.alibaba:fastjson, else None."""
    try:
        with open(path, 'r', encoding='utf-8', errors='ignore') as fh:
            text = fh.read()
    except OSError:
        return "UNKNOWN", f"{path} :: failed to parse pom.xml"
    if '<artifactId>fastjson</artifactId>' not in text or '<groupId>com.alibaba</groupId>' not in text:
        return None
    m = POM_VERSION_RE.search(text)
    if m:
        version = m.group(1).strip()  # may be a ${property}, which yields UNKNOWN
        return version_status(version, 'pom.xml'), f"{path} :: declared_version={version}"
    return "UNKNOWN", f"{path} :: fastjson dependency found but version unresolved"


def find_fastjson_refs(root: str) -> List[Tuple[str, str]]:
    """Walk root and collect (status, detail) for every Fastjson JAR or pom.xml declaration."""
    findings = []
    for base, _, files in os.walk(root):
        for f in files:
            lower = f.lower()
            path = os.path.join(base, f)
            if lower.endswith('.jar') and 'fastjson' in lower:
                findings.append(inspect_jar(path))
            elif lower == 'pom.xml':
                finding = inspect_pom(path)
                if finding:
                    findings.append(finding)
    return findings


def overall_status(findings: List[Tuple[str, str]]) -> str:
    """VULNERABLE if any artifact is; PATCHED only if all are; otherwise UNKNOWN."""
    if any(status == 'VULNERABLE' for status, _ in findings):
        return "VULNERABLE"
    if findings and all(status == 'PATCHED' for status, _ in findings):
        return "PATCHED"
    return "UNKNOWN"


EXIT_CODES = {"PATCHED": 0, "VULNERABLE": 1, "UNKNOWN": 2}


def main() -> int:
    if len(sys.argv) != 2:
        print("UNKNOWN")
        print("Usage: python3 fastjson_cve_2022_25845_check.py /path/to/search")
        return 3

    root = sys.argv[1]
    if not os.path.exists(root):
        print("UNKNOWN")
        print(f"Path does not exist: {root}")
        return 3

    findings = find_fastjson_refs(root)
    if not findings:
        print("UNKNOWN")
        print("No Fastjson artifacts or Maven declarations found.")
        return 2

    verdict = overall_status(findings)
    print(verdict)
    for status, detail in findings:
        print(f"[{status}] {detail}")
    return EXIT_CODES[verdict]


if __name__ == '__main__':
    sys.exit(main())
```
07 · Bottom Line

If you remember one thing.

TL;DR
Monday morning, do not let the vendor's HIGH turn into an all-hands fire drill across every Java host. First, use SBOM/SCA and code search to identify where Fastjson is actually present and where untrusted input reaches generic parse APIs; for MEDIUM there is no noisgate mitigation SLA — go straight to the 365-day remediation window, but you should still enable safeMode opportunistically on exposed services where compatibility allows. Then schedule the actual library upgrade to 1.2.83 or a documented safe alternative within the noisgate remediation SLA of ≤ 365 days, prioritizing internet-facing Java APIs, apps with generic JSON.parse usage, and products that bundle Fastjson indirectly.

Sources

  1. NVD CVE-2022-25845
  2. GitHub Advisory GHSA-pv7h-hx5h-mgfj
  3. Alibaba Fastjson 1.2.83 security release
  4. Alibaba security update 20220523
  5. JFrog technical analysis of CVE-2022-25845
  6. Oracle Critical Patch Update July 2022
  7. CISA Known Exploited Vulnerabilities Catalog
  8. Wiz vulnerability database entry for CVE-2022-25845