CVE-2025-57052
BaseFortify
Publication date: 2025-09-03
Last updated on: 2025-11-03
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| davegamble | cjson | From 1.5.0 (inc) to 1.7.18 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-129 | The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-57052 is a critical vulnerability in the cJSON library versions 1.5.0 through 1.7.18. It occurs in the decode_array_index_from_pointer function in cJSON_Utils.c, where improper input validation during JSON pointer parsing allows attackers to bypass array bounds checking. Specifically, a faulty loop condition causes non-digit characters to be misinterpreted as digits, leading to out-of-bounds array access. For example, a malformed JSON pointer like '/0A' is parsed incorrectly, causing the program to access memory outside the intended array bounds, which can result in segmentation faults or denial of service. [1]
How can this vulnerability impact me? :
This vulnerability can allow remote attackers to cause out-of-bounds memory access in applications using the affected cJSON versions. This can lead to segmentation faults, crashes, or denial of service conditions. Any software that uses cJSON for JSON pointer parsing, including web APIs, embedded/IoT devices, and desktop/server applications, may be impacted if they process malformed JSON pointers from untrusted sources. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for application crashes or segmentation faults when processing JSON pointers, especially those containing malformed indices like '/0A'. You can test vulnerable applications by sending crafted JSON pointer strings with alphanumeric characters in array indices to see if they cause crashes or unexpected behavior. For example, using curl or similar tools to send JSON payloads with pointers such as '/0A' to APIs that use cJSON for JSON pointer parsing. Additionally, reviewing application logs for segmentation faults or denial of service symptoms related to JSON pointer processing can help detect exploitation attempts. There are no specific commands provided, but fuzz testing JSON pointer inputs or using debugging tools to trace cJSON_Utils.c behavior during JSON parsing can assist in detection. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the cJSON library to a version where the loop condition in decode_array_index_from_pointer is corrected to properly validate each character as a digit. Specifically, the loop condition should be changed from checking 'pointer[0]' to 'pointer[position]' to ensure only digit characters are processed. If updating is not immediately possible, applying the patch that fixes the loop condition in cJSON_Utils.c can prevent out-of-bounds access. Additionally, implementing input validation or sanitization on JSON pointer strings before they reach cJSON parsing can reduce risk. Monitoring and restricting malformed JSON pointer inputs at the application or network level can also help mitigate exploitation. [1]