CWE-502

LLMs generate deserialization code (pickle, Java ObjectInputStream, JSON.parse with revivers) without input validation, enabling remote code execution....

Verified by Precogs Threat Research
BASE SCORE
7.5 CRITICAL

Precogs AI Insight

"Precogs AI detects unsafe deserialization in AI-generated code and recommends safe alternatives with type validation."

EXPLOIT PROBABILITYHigh
PUBLIC POCAvailable

What is CWE-502 (Deserialization of Untrusted Data)?

LLMs generate deserialization code (pickle, Java ObjectInputStream, JSON.parse with revivers) without input validation, enabling remote code execution.

Vulnerability Insights

In the context of vulnerabilities in ai-generated code, this vulnerability poses significant risk because compiled binaries and complex AI logic cannot be easily patched without vendor cooperation. Organizations relying on third-party software must use structural analysis tools to detect these flaws.

Impact on Systems

  • Compromise of Application Integrity: Predictable execution flow is disrupted
  • Potential Data Exposure: Depending on context, sensitive configurations may leak
  • Availability Risks: Unexpected states leading to temporary denial of service

Real-World Attack Scenario

An attacker probes the system interfaces to identify areas where the input or state related to Deserialization of Untrusted Data is improperly handled. Once identified, they craft a payload tailored to the specific backend architecture. By exploiting the lack of robust structural validation, the attacker is able to force the application into an unintended state, bypassing standard business logic and achieving unauthorized outcomes.

Code Examples

Vulnerable Implementation

// VULNERABLE: Unvalidated input leading to Deserialization of Untrusted Data
function processInput(data) {
    // Missing strict validation or sanitization
    executeOrStoreConfig(data);
}

Secure Alternative

// SECURE: Proper validation mitigating Deserialization of Untrusted Data
function processInput(data) {
    if (!isValid(data)) throw new Error('Invalid input');
    const safeData = sanitize(data);
    executeOrStoreConfig(safeData);
}

Remediation

Ensure robust input validation, boundary checking, and adherence to secure architecture frameworks when designing AI-Generated Code solutions. Use automated code scanning or binary analysis to detect flaws early in the SDLC.

CVEs Classified Under CWE-50225 vulnerabilities

The following CVEs have been classified under CWE-502 (Deserialization of Untrusted Data). Each CVE represents a specific vulnerability instance of this weakness type.

CVE-2025-54136Remote Code Execution in Cursor AI Code Editor via malicious MCP servers
CVSS 9.8CRITICALMar 21, 2026
CVE-2025-68664LangChain Serialization Injection Flaw — Secret extraction via unsafe deserialization
CVSS 9.8CRITICALMar 21, 2026
CVE-2024-12703Deserialization of Untrusted Data — Classic RCE pattern
CVSS 9.8CRITICALMar 21, 2026
CVE-2025-27779LangChain Deserialization of Untrusted Data
CVSS 9.8CRITICALMar 21, 2026
CVE-2025-49113RoundCube Webmail Deserialization Remote Code Execution
CVSS 9.8CRITICALMar 21, 2026
CVE-2025-61882Oracle EBS Zero-Day — Pre-authentication RCE in BI Publisher
CVSS 9.8CRITICALMar 21, 2026
CVE-2025-60237Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection
CVSS 9.8CRITICALMar 19, 2026
CVE-2025-60233Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection
CVSS 9.8CRITICALMar 19, 2026
CVE-2026-25873OmniGen2-RL contains an unauthenticated remote code execution vulnerability in the reward server component that allows remote attackers to execute arbitrary commands by sending malicious HTTP POST requests
CVSS 9.8CRITICALMar 18, 2026
CVE-2026-25449Deserialization of Untrusted Data vulnerability in Shinetheme Traveler allows Object Injection
CVSS 9.8CRITICALMar 18, 2026
CVE-2026-0500SAP Wily Introscope Unsafe Deserialization RCE
CVSS 9.6CRITICALMar 21, 2026
CVE-2025-47277[vllm] Remote Code Execution via PyNcclPipe Communication Service
CVSS 9.5CRITICALMay 20, 2025
CVE-2025-29783[vllm] Remote Code Execution via Mooncake Integration
CVSS 9.5CRITICALMar 19, 2025
CVE-2026-25769Wazuh is a free and open source platform used for threat prevention, detection, and response
CVSS 9.1CRITICALMar 17, 2026
CVE-2025-71260BMC FootPrints ITSM versions 20
CVSS 8.8HIGHMar 19, 2026
CVE-2026-25445Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X allows Object Injection
CVSS 8.8HIGHMar 19, 2026
CVE-2025-54920This issue affects Apache Spark: before 3
CVSS 8.8HIGHMar 16, 2026
CVE-2026-27096Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme allows Object Injection
CVSS 8.1HIGHMar 19, 2026
CVE-2025-62164[vllm] prompt_embeds deserialization allows DoS and potential RCE
CVSS 8HIGHNov 20, 2025
CVE-2025-9141[vllm] Remote code execution in the vllm tool call parser for Qwen3-Coder
CVSS 8HIGHAug 20, 2025
CVE-2025-30165[vllm] Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration
CVSS 8HIGHMay 6, 2025
CVE-2025-24357[vllm] Malicious model to RCE by torch
CVSS 8HIGHJan 27, 2025
CVE-2026-0677Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite allows Object Injection
CVSS 7.2HIGHMar 20, 2026
CVE-2026-4860CVE-2026-4860: Unsafe Deserialization in wvp-GB28181-pro
HIGHMar 26, 2026
CVE-2026-29109SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application
CVSS 0UNKNOWNMar 20, 2026