{"vulnerability": "CVE-2017-7525", "sightings": [{"uuid": "caf45b37-7379-4106-b11d-b7ef3ba70761", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-7525", "type": "seen", "source": "https://t.me/arpsyndicate/1482", "content": "#ExploitObserverAlert\n\nCVE-2017-17485\n\nDESCRIPTION: Exploit Observer has 60 entries related to CVE-2017-17485. FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.\n\nFIRST-EPSS: 0.107410000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-06T12:41:09.000000Z"}, {"uuid": "d21a122f-5a4f-44d9-9bb7-12aa849c3935", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-7525", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/454", "content": "Exploiting the Jackson RCE: CVE-2017-7525\nhttps://adamcaudill.com/2017/10/04/exploiting-jackson-rce-cve-2017-7525/", "creation_timestamp": "2017-11-03T11:35:55.000000Z"}, {"uuid": "2ed2c16a-6a7c-4cca-a96e-5cb88a9baa5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-7525", "type": "seen", "source": "https://gist.github.com/Dvoryashina/b214d46c1033090540f99c687e72a656", "content": "", "creation_timestamp": "2025-12-13T06:50:38.000000Z"}, {"uuid": "3494fc20-a30a-45b3-8d25-17c9ae315210", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-7525", "type": "seen", "source": "https://gist.github.com/Butters7/e65bcd1f3d9095d96764c7a4c79b936a", "content": "", "creation_timestamp": "2026-01-14T22:24:35.000000Z"}, {"uuid": "3978edf2-57e1-40f7-adaf-667cec6f0cd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-7525", "type": "seen", "source": "https://gist.github.com/ilya-startcode/36aae702894882b7b005b436448a38a0", "content": "", "creation_timestamp": "2026-01-14T23:13:30.000000Z"}, {"uuid": "d7f46ff0-f36e-47b7-9882-c64796c92aa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2017-7525", "type": "seen", "source": "https://gist.github.com/winterswang/4908fd900e5f5a047bafb32001894038", "content": "", "creation_timestamp": "2026-03-11T04:03:33.000000Z"}, {"uuid": "9e553f5c-9fb6-41f0-afaf-9a1744fc3933", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2017-7525", "type": "seen", "source": "https://t.me/arpsyndicate/1504", "content": "#ExploitObserverAlert\n\nCVE-2017-7525\n\nDESCRIPTION: Exploit Observer has 118 entries related to CVE-2017-7525. A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.\n\nFIRST-EPSS: 0.531310000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-06T15:38:22.000000Z"}, {"uuid": "07012b7e-8fd4-4769-81a7-b438eb80d55e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2017-7525", "type": "seen", "source": "https://gist.github.com/0xi1y4an7/605ea54aa36cbd993d66a4e7d1674901", "content": "", "creation_timestamp": "2025-05-14T23:15:09.000000Z"}]}