CVE-2017-17485

CRITICAL

jackson-databind < 2.6.7.3, 2.9.0-2.9.3 - Unauthenticated Remote Code Execution via Malicious JSON Input

Title source: llm

Exploitation Summary

EIP tracks 5 public exploits for CVE-2017-17485. PoCs published by Al1ex, dawetmaster, andikahilmy.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2017-17485, a deserialization vulnerability in Jackson-databind. The PoC demonstrates remote code execution by leveraging LDAP-based object injection via malicious JSON input.

Description

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.

Exploits (5)

nomisec WORKING POC 2 stars

by Al1ex · poc

https://github.com/Al1ex/CVE-2017-17485

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2017-17485, a deserialization vulnerability in Jackson-databind. The PoC demonstrates remote code execution by leveraging LDAP-based object injection via malicious JSON input.

Classification

Working Poc 95%

Attack Type

Deserialization

Complexity

Moderate

Reliability

Reliable

Target: Jackson-databind (versions affected by CVE-2017-17485)

No auth needed

Prerequisites: Jackson-databind library with default typing enabled · LDAP server hosting malicious payload

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by dawetmaster · poc

https://github.com/dawetmaster/CVE-2017-17485-jackson-databind-vulnerable

View Code ZIP pw:eip

This repository contains a vulnerable version of Jackson Databind (2.9.0) that is susceptible to CVE-2017-17485, a deserialization vulnerability. The included source code and build configuration allow for testing and exploitation of the flaw.

Classification

Working Poc 95%

Attack Type

Deserialization

Complexity

Moderate

Reliability

Reliable

Target: Jackson Databind 2.9.0

No auth needed

Prerequisites: Java environment · vulnerable Jackson Databind version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Mar 14, 2026 Full analysis →

nomisec WORKING POC

by andikahilmy · poc

https://github.com/andikahilmy/CVE-2017-17485-jackson-databind-vulnerable

View Code ZIP pw:eip

This repository contains a vulnerable version of Jackson Databind (2.9.0) that is susceptible to CVE-2017-17485, a deserialization vulnerability. The included codebase allows for testing and exploitation of the vulnerability, which can lead to remote code execution (RCE) under certain conditions.

Classification

Working Poc 90%

Attack Type

Deserialization

Complexity

Moderate

Reliability

Reliable

Target: Jackson Databind 2.9.0

No auth needed

Prerequisites: An application using Jackson Databind 2.9.0 that deserializes untrusted input

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec NO CODE

by x7iaob · poc

https://github.com/x7iaob/cve-2017-17485

View Code ZIP pw:eip

nomisec STUB

by tafamace · poc

https://github.com/tafamace/CVE-2017-17485

View Code ZIP pw:eip

The provided code is a simple Java stub that prints command-line arguments and does not demonstrate any exploit functionality for CVE-2017-17485. It lacks offensive techniques or vulnerability-specific logic.

Classification

Stub 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: N/A

No auth needed

devstral-2 · analyzed Feb 16, 2026 Full analysis →