Critical Apache bRPC Vulnerability Lets Attackers Crash Servers with Malicious JSON
"Patch your Apache bRPC now! Fix CVE-2025-59789 to prevent server crashes from deeply nested JSON exploits. Update to version 1.15.0 today."
By Content Team
A critical security flaw (CVE-2025-59789) in the Apache bRPC framework allows remote attackers to crash servers by sending deeply nested JSON data. The vulnerability affects all versions before 1.15.0 and lies in the json2pb component's recursive parsing method: deeply nested input drives the recursion until the stack overflows and the process crashes.
Servers handling HTTP+JSON requests from untrusted networks are particularly at risk. Apache has released version 1.15.0 with a complete fix, plus an official GitHub patch for immediate deployment.
The fix introduces a default recursion depth limit of 100, which administrators can adjust. Security teams should patch immediately to prevent denial-of-service attacks.
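As an added illustration (not bRPC's code and not the official patch), the sketch below shows how a front-end or gateway could bound JSON nesting before a body reaches a recursive parser. The function names and the constant are assumptions made for this example; the limit of 100 mirrors the default described above.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Assumed limit: mirrors the default of 100 reported for bRPC 1.15.0.
constexpr std::size_t kMaxJsonDepth = 100;

// Hypothetical helper (not a bRPC API): true if the nesting depth of `body`
// never exceeds `max_depth`. One pass, no recursion, so the check itself
// cannot exhaust the stack. Brackets inside string literals are ignored and
// backslash escapes are honoured. It bounds nesting only; syntax validation
// is left to the real parser.
bool json_depth_within_limit(const std::string& body,
                             std::size_t max_depth = kMaxJsonDepth) {
    std::size_t depth = 0;
    bool in_string = false;
    bool escaped = false;
    for (char c : body) {
        if (in_string) {
            if (escaped) escaped = false;          // char after '\' is literal
            else if (c == '\\') escaped = true;
            else if (c == '"') in_string = false;  // closing quote
            continue;
        }
        switch (c) {
            case '"': in_string = true; break;
            case '{': case '[':
                if (++depth > max_depth) return false;  // reject early
                break;
            case '}': case ']':
                if (depth > 0) --depth;  // tolerate stray closers here
                break;
            default: break;
        }
    }
    return true;
}

// Constructed sample input: n nested arrays around one value.
std::string nested_arrays(std::size_t n) {
    return std::string(n, '[') + "0" + std::string(n, ']');
}

int main() {
    std::cout << "depth 100: " << json_depth_within_limit(nested_arrays(100)) << "\n";
    std::cout << "depth 101: " << json_depth_within_limit(nested_arrays(101)) << "\n";
    return 0;
}
```

A check like this is defence in depth for services that cannot be upgraded immediately; it does not replace moving to 1.15.0.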
Source: Cyber Security News