PT-2025-35723 · Cjson+5

X-0R · Published 2025-09-03 · Updated 2026-03-11 · CVE-2025-57052

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
cJSON versions 1.5.0 through 1.7.18

Description
cJSON versions 1.5.0 through 1.7.18 contain an out-of-bounds access issue in the decode_array_index_from_pointer function in cJSON_Utils.c. This allows attackers to bypass array bounds checking and potentially access restricted data by providing malformed JSON pointer strings that include alphanumeric characters.

Recommendations
Update cJSON to a version later than 1.7.18.

Exploit · Fix · RCE

Weakness Enumeration

Out of bounds Read
Improper Validation of Array Index

Related Identifiers

ALT-PU-2025-12379
ALT-PU-2025-12381
BDU:2025-12591
CVE-2025-57052
DLA-4304-1
DSA-6001-1
OESA-2025-2374
OESA-2025-2375
OESA-2025-2376
OESA-2025-2377
OESA-2025-2491
OPENSUSE-SU-2025:15583-1
OPENSUSE-SU-2026:20340-1
RHSA-2025:17614
SUSE-SU-2025:03520-1
USN-7973-1

Affected Products

Alt Linux
Debian
Linuxmint
Red Os
Ubuntu
Cjson