CVE-2022-25857: Denial of Service (DoS)
Published Aug 30, 2022
Affected Software
6 affected components; fixes available
maven/org.yaml:snakeyaml <1.31 (fixed in 1.31)
Snakeyaml Project Snakeyaml <1.31
Debian Debian Linux =10.0
Microsoft cbl2 snakeyaml
redhat/org.yaml.snakeyaml <1.31 (fixed in 1.31)
IBM watsonx.data intelligence <=5.2.0, 5.2.1, 5.3.0, 5.3.1
Remediation
Patch Available
Event History
Aug 30, 2022
CVE Published (via MITRE, 05:05 AM)
Data Sourced (via MITRE, 05:05 AM): Description, Severity, Weakness
Aug 31, 2022
Advisory Published (via GitHub, 12:00 AM)
Sep 14, 2022
Data Sourced (via Red Hat, 12:18 PM): Description, Severity, Affected Software
Oct 1, 2025
Data Sourced (via Microsoft, 11:11 PM): Description, Severity, Weakness
Data Sourced (via Microsoft, 11:11 PM): Affected Software
Updated (via Microsoft, 11:11 PM): Description, Severity
Apr 27, 2026
Data Sourced (via IBM, 12:00 AM): Description, Affected Software
Frequently Asked Questions
1. What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2022-25857.
2. What is the severity of CVE-2022-25857?
CVE-2022-25857 has a severity level of high.
3. Which software packages are affected by CVE-2022-25857?
The affected software packages are org.yaml:snakeyaml (versions up to 1.31), Debian Debian Linux 10.0, and IBM Disconnected Log Collector (versions up to v1.8.2).
4. What is the impact of CVE-2022-25857?
CVE-2022-25857 allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted request.
5. What is the recommended remediation for CVE-2022-25857?
To fix CVE-2022-25857, upgrade the affected software to a version that is not vulnerable, such as org.yaml:snakeyaml version 1.31 or higher.