CVE-2025-67221 — Vulnetix

CVE-2025-67221 PUBLISHED CVSS 7.5 HIGH

orjson does not limit recursion for deeply nested JSON documents

EPSS 0.03% · 8.7th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.03%

8.7th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
PyPI	orjson	0
ijl	orjson	0

Timeline

Jan 22, 2026 CVE Published
Jan 23, 2026 EPSS Score
Jan 23, 2026 PoC Published
Jan 24, 2026 PoC Published
Jan 24, 2026 PoC Published
Jan 24, 2026 PoC Published
Jan 26, 2026 EPSS Score
Jan 28, 2026 EPSS Score
Jan 31, 2026 EPSS Score
Feb 2, 2026 EPSS Score
Feb 5, 2026 EPSS Score
Feb 8, 2026 EPSS Score

References

https://github.com/kpatsakis/orjson_vulnerability url
https://github.com/ijl/orjson url
https://nvd.nist.gov/vuln/detail/CVE-2025-67221 advisory
https://github.com/ijl/orjson/issues/620 url
https://github.com/kpatsakis/CVE-2025-67221/issues/1 url
https://github.com/ijl/orjson/commit/62bb185b70785ded49c79c26f8c9781f1e6fe370 url
https://www.ibm.com/support/pages/node/7271707 advisory
https://www.ibm.com/support/pages/node/7271922 advisory
https://www.ibm.com/support/pages/node/7271681 advisory
https://www.ibm.com/support/pages/node/7271765 advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37451 advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37445 advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37460 advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37449 advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37450 advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37466 advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37468 advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37444 advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37461 advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37459 advisory

…and 19 more

Open in Interactive Console →