Bug 2374804 (CVE-2025-52999) - CVE-2025-52999 com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError
Status: NEW
Alias: CVE-2025-52999
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
Depends On: 2374816 2374819 2374820 2374821 2374822 2374823 2374825 2374826 2374813 2374814 2374815 2374817 2374818 2374824 2380871 2380872 2380873 2380877 2380878 2380879
Reported: 2025-06-25 18:01 UTC by OSIDB Bzimport
Modified: 2025-10-07 07:40 UTC

Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:10092 0 None None None 2025-07-01 13:46:38 UTC
Red Hat Product Errata RHSA-2025:10097 0 None None None 2025-07-01 14:28:37 UTC
Red Hat Product Errata RHSA-2025:10098 0 None None None 2025-07-01 14:33:05 UTC
Red Hat Product Errata RHSA-2025:10104 0 None None None 2025-07-01 14:54:33 UTC
Red Hat Product Errata RHSA-2025:10118 0 None None None 2025-07-01 16:35:29 UTC
Red Hat Product Errata RHSA-2025:10119 0 None None None 2025-07-01 16:29:45 UTC
Red Hat Product Errata RHSA-2025:10120 0 None None None 2025-07-01 16:50:16 UTC
Red Hat Product Errata RHSA-2025:11473 0 None None None 2025-07-21 17:05:55 UTC
Red Hat Product Errata RHSA-2025:11474 0 None None None 2025-07-21 16:58:50 UTC
Red Hat Product Errata RHSA-2025:12280 0 None None None 2025-07-30 09:51:07 UTC
Red Hat Product Errata RHSA-2025:12281 0 None None None 2025-07-30 09:50:30 UTC
Red Hat Product Errata RHSA-2025:12282 0 None None None 2025-07-30 09:43:04 UTC
Red Hat Product Errata RHSA-2025:12283 0 None None None 2025-07-30 09:47:28 UTC
Red Hat Product Errata RHSA-2025:14116 0 None None None 2025-08-20 00:16:32 UTC
Red Hat Product Errata RHSA-2025:14117 0 None None None 2025-08-20 00:18:43 UTC
Red Hat Product Errata RHSA-2025:14118 0 None None None 2025-08-20 00:20:46 UTC
Red Hat Product Errata RHSA-2025:14126 0 None None None 2025-08-20 01:57:46 UTC
Red Hat Product Errata RHSA-2025:14127 0 None None None 2025-08-20 04:14:47 UTC
Red Hat Product Errata RHSA-2025:15717 0 None None None 2025-09-11 19:40:00 UTC

Description OSIDB Bzimport 2025-06-25 18:01:18 UTC
jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly large. jackson-core 2.15.0 contains a configurable limit for how deep Jackson will traverse in an input document, defaulting to an allowable depth of 1000. jackson-core will throw a StreamConstraintsException if the limit is reached. jackson-databind also benefits from this change because it uses jackson-core to parse JSON inputs. As a workaround, users should avoid parsing input files from untrusted sources.
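
The configurable depth limit described above, as an added example that is not part of the bug report or the Jackson project's own code. It assumes jackson-core 2.15.0 or later on the classpath and Java 11+; the class name `DepthLimitDemo`, the helper names and the limit of 200 are illustrative, and the nested input is constructed.

```java
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.StreamReadConstraints;
import com.fasterxml.jackson.core.exc.StreamConstraintsException;

import java.io.IOException;

// Added illustration; requires jackson-core 2.15.0 or later.
public class DepthLimitDemo {

    // Illustrative limit, tighter than the library default of 1000.
    static final int MAX_DEPTH = 200;

    // Builds a factory whose parsers reject input nested deeper than maxDepth.
    static JsonFactory boundedFactory(int maxDepth) {
        return JsonFactory.builder()
                .streamReadConstraints(
                        StreamReadConstraints.builder().maxNestingDepth(maxDepth).build())
                .build();
    }

    // Constructed sample input: `depth` nested arrays, e.g. [[[]]] for depth 3.
    static String nestedArrays(int depth) {
        return "[".repeat(depth) + "]".repeat(depth);
    }

    // Streams through the whole document; returns false when the nesting
    // limit is exceeded instead of letting the failure propagate.
    static boolean parses(JsonFactory factory, String json) throws IOException {
        try (JsonParser p = factory.createParser(json)) {
            while (p.nextToken() != null) {
                // consume tokens only; a real caller would process them here
            }
            return true;
        } catch (StreamConstraintsException e) {
            // A checked, catchable exception: the request can be rejected
            // and logged rather than the thread dying with an Error.
            System.err.println("rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws IOException {
        JsonFactory factory = boundedFactory(MAX_DEPTH);
        System.out.println(parses(factory, nestedArrays(MAX_DEPTH)));     // at the limit
        System.out.println(parses(factory, nestedArrays(MAX_DEPTH + 1))); // one level over
    }
}
```

A factory built this way can be passed to jackson-databind's `ObjectMapper` constructor so that data binding inherits the same limit.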

Comment 2 errata-xmlrpc 2025-07-01 13:46:26 UTC
This issue has been addressed in the following products:

  OCP-Tools-4.18-RHEL-9

Via RHSA-2025:10092 https://access.redhat.com/errata/RHSA-2025:10092

Comment 3 errata-xmlrpc 2025-07-01 14:28:26 UTC
This issue has been addressed in the following products:

  OCP-Tools-4.17-RHEL-9

Via RHSA-2025:10097 https://access.redhat.com/errata/RHSA-2025:10097

Comment 4 errata-xmlrpc 2025-07-01 14:32:55 UTC
This issue has been addressed in the following products:

  OCP-Tools-4.16-RHEL-9

Via RHSA-2025:10098 https://access.redhat.com/errata/RHSA-2025:10098

Comment 5 errata-xmlrpc 2025-07-01 14:54:23 UTC
This issue has been addressed in the following products:

  OCP-Tools-4.15-RHEL-8

Via RHSA-2025:10104 https://access.redhat.com/errata/RHSA-2025:10104

Comment 6 errata-xmlrpc 2025-07-01 16:29:33 UTC
This issue has been addressed in the following products:

  OCP-Tools-4.13-RHEL-8

Via RHSA-2025:10119 https://access.redhat.com/errata/RHSA-2025:10119

Comment 7 errata-xmlrpc 2025-07-01 16:35:18 UTC
This issue has been addressed in the following products:

  OCP-Tools-4.12-RHEL-8

Via RHSA-2025:10118 https://access.redhat.com/errata/RHSA-2025:10118

Comment 8 errata-xmlrpc 2025-07-01 16:50:04 UTC
This issue has been addressed in the following products:

  OCP-Tools-4.14-RHEL-8

Via RHSA-2025:10120 https://access.redhat.com/errata/RHSA-2025:10120

Comment 9 errata-xmlrpc 2025-07-21 16:58:39 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4.23

Via RHSA-2025:11474 https://access.redhat.com/errata/RHSA-2025:11474

Comment 10 errata-xmlrpc 2025-07-21 17:05:44 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Via RHSA-2025:11473 https://access.redhat.com/errata/RHSA-2025:11473

Comment 23 errata-xmlrpc 2025-07-30 09:42:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:12282 https://access.redhat.com/errata/RHSA-2025:12282

Comment 24 errata-xmlrpc 2025-07-30 09:47:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:12283 https://access.redhat.com/errata/RHSA-2025:12283

Comment 25 errata-xmlrpc 2025-07-30 09:50:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:12281 https://access.redhat.com/errata/RHSA-2025:12281

Comment 26 errata-xmlrpc 2025-07-30 09:50:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:12280 https://access.redhat.com/errata/RHSA-2025:12280

Comment 27 errata-xmlrpc 2025-08-20 00:16:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2025:14116 https://access.redhat.com/errata/RHSA-2025:14116

Comment 28 errata-xmlrpc 2025-08-20 00:18:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:14117 https://access.redhat.com/errata/RHSA-2025:14117

Comment 29 errata-xmlrpc 2025-08-20 00:20:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:14118 https://access.redhat.com/errata/RHSA-2025:14118

Comment 30 errata-xmlrpc 2025-08-20 01:57:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:14126 https://access.redhat.com/errata/RHSA-2025:14126

Comment 31 errata-xmlrpc 2025-08-20 04:14:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:14127 https://access.redhat.com/errata/RHSA-2025:14127

Comment 33 errata-xmlrpc 2025-09-11 19:39:49 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6.12

Via RHSA-2025:15717 https://access.redhat.com/errata/RHSA-2025:15717

