Home

Description

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.

PUBLISHED Reserved 2025-08-17 | Published 2025-09-03 | Updated 2025-09-03 | Assigner mitre

References

x-0r.com/posts/cJSON-Array-Index-Parsing-Vulnerability

cve.org (CVE-2025-57052)

nvd.nist.gov (CVE-2025-57052)

Download JSON