PatchSiren

Alibaba CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL Alibaba CVE published 2026-01-09

CVE-2025-70974

CVE-2025-70974 is a critical vulnerability in Fastjson, a popular JSON processing library for Java. It stems from mishandling of the autoType feature, which allows JNDI injection attacks. An attacker can exploit it by crafting a malicious JSON document that triggers calls to public methods of a Java class, potentially leading to code execution. This vulnerability was [truncated]