CVE-2025-6566

A vulnerability was found in oatpp Oat++ up to 1.3.1. It has been declared as critical. This vulnerability affects the function deserializeArray of the file src/oatpp/json/Deserializer.cpp. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
VulDBCNA
5.3 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
oatppoat\+\+
𝑥
≤ 1.3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/oatpp/oatpp/issues/1037
https://github.com/user-attachments/files/19579448/oatpp_crash.txt
https://vuldb.com/?ctiid.313738
https://vuldb.com/?id.313738
https://vuldb.com/?submit.597453
https://github.com/oatpp/oatpp/issues/1037