{"dataType": "CVE_RECORD", "containers": {"adp": [{"metrics": [{"other": {"type": "Unknown", "content": {"data": "{\"description\":\"not yet assigned\"}"}}}], "affected": [{"vendor": "debian", "product": "libcjson-dev", "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.15-1+deb12u4", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libcjson1", "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.15-1+deb12u4", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libcjson1-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.15-1+deb12u4", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libcjson-dev", "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.14-1+deb11u3", "versionType": "deb"}], "platforms": ["bullseye"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libcjson1", "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.14-1+deb11u3", "versionType": "deb"}], "platforms": ["bullseye"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libcjson1-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.14-1+deb11u3", "versionType": "deb"}], "platforms": ["bullseye"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libcjson-dev", "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.19-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libcjson1", "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.19-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libcjson1-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": 
"1.7.19-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libcjson-dev", "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.18-3.1+deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libcjson1", "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.18-3.1+deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libcjson1-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.18-3.1+deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-tracker.debian.org/tracker/CVE-2025-57052"}], "descriptions": [{"lang": "en", "value": "cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters."}], "providerMetadata": {"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian", "dateUpdated": "2025-09-14T00:00:00.000Z", "x_subShortName": "debian"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "suse", "product": "libcjson1", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.7.19-150700.3.3.1", "versionType": "rpm"}], "platforms": 
["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-we:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1249112"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57052", "name": "Mitre CVE-2025-57052"}, {"url": "https://www.suse.com/security/cve/CVE-2025-57052", "name": "SUSE CVE-2025-57052"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042060.html", "name": "SUSE-SU-2025:03520-1"}], "descriptions": [{"lang": "en", "value": "\n    cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-10-11T00:00:00Z", "x_subShortName": "suse_server_15"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "suse", "product": "libcjson1", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.7.19-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1249112"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-57052", "name": "Mitre CVE-2025-57052"}, {"url": 
"https://www.suse.com/security/cve/CVE-2025-57052", "name": "SUSE CVE-2025-57052"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042060.html", "name": "SUSE-SU-2025:03520-1"}], "descriptions": [{"lang": "en", "value": "\n    cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2026-03-16T00:00:00Z", "x_subShortName": "suse_server_16"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"medium\"}"}}}], "affected": [{"vendor": "canonical", "product": "libcjson1", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.7.10-1.1ubuntu0.1~esm1", "versionType": "custom"}], "platforms": ["focal"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "libcjson1", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.7.15-1ubuntu0.1", "versionType": "custom"}], "platforms": ["jammy"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "libcjson1", "versions": [{"status": "affected", "version": "0", "lessThan": "0:1.7.17-1ubuntu0.1~esm3", "versionType": "custom"}], "platforms": ["noble"], "defaultStatus": "unaffected"}], "references": [{"url": "https://ubuntu.com/security/CVE-2025-57052"}, {"url": "https://ubuntu.com/security/notices/USN-7973-1"}, {"url": 
"https://www.cve.org/CVERecord?id=CVE-2025-57052"}], "descriptions": [{"lang": "en", "value": "cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters."}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2025-09-03T15:15:00Z", "x_subShortName": "canonical"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:2.3:a:davegamble:cjson:*:*:*:*:*:*:*:*"], "vendor": "davegamble", "product": "cjson", "versions": [{"status": "affected", "version": "1.5.0", "versionType": "custom", "lessThanOrEqual": "1.7.18"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://x-0r.com/posts/cJSON-Array-Index-Parsing-Vulnerability", "tags": ["exploit"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00019.html"}], "descriptions": [{"lang": "en", "value": "cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-125", "description": "CWE-125"}, {"lang": "en", "cweId": "CWE-129", "description": "CWE-129"}]}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000003", "shortName": "nvd", "dateUpdated": 
"2025-09-03T15:15:38Z", "x_subShortName": "nvd"}}}, "cveMetadata": {"cveId": "CVE-2025-57052", "state": "PUBLISHED", "dateUpdated": "2025-11-03T19:16:12Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-09-03T15:15:38Z", "assignerShortName": "mitre"}, "dataVersion": "5.0"}