CVE-2025-67221
HIGH
orjson < 3.11.4 - Denial of Service via Deeply Nested JSON Documents
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2025-67221. PoCs published by kpatsakis.
AI-analyzed exploit summary: This repository contains a working proof-of-concept for CVE-2025-67221, a denial-of-service vulnerability in orjson versions ≤ 3.11.4 due to uncontrolled recursion in the `orjson.dumps()` function. The PoC demonstrates a crash by serializing a deeply nested data structure.
Description
The `orjson.dumps` function in orjson through 3.11.4 does not limit recursion for deeply nested JSON documents.
Exploits (1)
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H