INFSA-2025:12280: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update
Information about definition
Identificator: INFSA-2025:12280
Type: security
Release date: 2025-07-31 16:16:57 UTC
Information about package
Core part of Jackson that defines Streaming API as well as basic shared abstractions.
Vulnerabilities description
- CVE-2025-52999
A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a Stack overflow Error can occur.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-52999
|
no information | 7.5 | no information |
Updated packages