CVE-2022-25757— Apache APISIX: the body_schema check in request-validation plugin can be bypassed
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-25757
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache APISIX: the body_schema check in request-validation plugin can be bypassed
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example, `{"string_payload":"bad","string_payload":"good"}` can be used to hide the "bad" input. Systems satisfy three conditions below are affected by this attack: 1. use body_schema validation in the request-validation plugin 2. upstream application uses a special JSON library that chooses the first occurred value, like jsoniter or gojay 3. upstream application does not validate the input anymore. The fix in APISIX is to re-encode the validated JSON input back into the request body at the side of APISIX. Improper Input Validation vulnerability in __COMPONENT__ of Apache APISIX allows an attacker to __IMPACT__. This issue affects Apache APISIX Apache APISIX version 2.12.1 and prior versions.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Apisix 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Apisix是美国阿帕奇(Apache)基金会的一个云原生的微服务API网关服务。该软件基于 OpenResty 和 etcd 来实现,具备动态路由和插件热加载,适合微服务体系下的 API 管理。 Apache Apisix 2.13.0 之前存在输入验证错误漏洞,攻击者可以绕过 request-validation 插件中的 body_schema 验证。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache APISIX | Apache APISIX ~ 2.12.1 | - |
II. Public POCs for CVE-2022-25757
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-25757
请登录查看更多情报信息。
- https://lists.apache.org/thread/03vd2j81krxmpz6xo8p1dl642flpo6fvx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2022-25757
IV. Related Vulnerabilities
Same product: Apache APISIX
- CVE-2026-31923
Apache APISIX: Openid-connect `tls_verify` field is disabled - CVE-2026-31924
Apache APISIX: Plugin tencent-cloud-cls log export uses plai - CVE-2026-31908
Apache APISIX: forward auth plugin allows header injection - CVE-2025-62232
Apache APISIX: basic-auth logs plaintext credentials at info - CVE-2025-46647
Apache APISIX: improper validation of issuer from introspect
Same vendor: Apache Software Foundation
- CVE-2026-39816
Apache NiFi: Missing Execute Code Required Permission on Tin - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro - CVE-2026-25077
Apache CloudStack: Unauthenticated Command Injection in Dire - CVE-2025-69233
Apache CloudStack: Domain/account resources limits not honor - CVE-2025-66467
Apache CloudStack: MinIO policy remains intact on bucket del
Same weakness: CWE-20
V. Comments for CVE-2022-25757
No comments yet