CVE-2025-67221 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-67221 Interim 1 1 2026-03-05T00:26:11Z current 2026-03-05T00:26:11Z 2026-03-05T00:26:11Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-67221 The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for SAP applications 16.0 openSUSE Tumbleweed python-orjson python311-orjson-3.11.5-1.1 python312-orjson-3.11.5-1.1 python313-orjson python313-orjson-3.11.5-1.1 python311-orjson-3.11.5-1.1 as a component of openSUSE Tumbleweed python312-orjson-3.11.5-1.1 as a component of openSUSE Tumbleweed python313-orjson-3.11.5-1.1 as a component of openSUSE Tumbleweed python313-orjson as a component of SUSE Linux Enterprise Server 16.0 python-orjson as a component of SUSE Linux Enterprise Server 16.0 python313-orjson as a component of SUSE Linux Enterprise Server for SAP applications 16.0 python-orjson as a component of SUSE Linux Enterprise Server for SAP applications 16.0 The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents. CVE-2025-67221 openSUSE Tumbleweed:python311-orjson-3.11.5-1.1 openSUSE Tumbleweed:python312-orjson-3.11.5-1.1 openSUSE Tumbleweed:python313-orjson-3.11.5-1.1 moderate 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H