CVE advisoryCRITICAL
CVE-2025-70974
Fastjson AutoType JNDI Injection Vulnerability
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A critical vulnerability in Fastjson, a Java library, may allow remote code execution via JNDI injection when processing specific JSON documents. This issue has been actively exploited since 2023. Applications parsing unauthenticated JSON input using this library may be exposed.