CVE-2025-59328: 
Java vulnerability analysis and mitigation

A vulnerability (CVE-2025-59328) has been identified in Apache Fory affecting versions 0.5.0 through 0.12.1. This vulnerability was disclosed on September 15, 2025, and allows remote attackers to cause a Denial of Service (DoS) condition in systems using the affected versions of the Apache Fory library (Apache Security, OSS Security).

The vulnerability stems from insecure deserialization of untrusted data in Apache Fory. When processing specially crafted data payloads, the application performs excessive CPU consumption during the deserialization process. The severity of this vulnerability is rated as moderate, as it primarily affects system availability without compromising data confidentiality or integrity (Apache Security).

When exploited, this vulnerability can lead to CPU exhaustion, making the application or system using the Apache Fory library unresponsive and unavailable to legitimate users. This results in a denial of service condition that affects system availability (Apache Security).

Users are strongly advised to upgrade to Apache Fory version 0.12.2 or later to address this vulnerability. Additionally, developers of libraries and applications that depend on Apache Fory should update their dependency requirements to version 0.12.2 or later and release new versions of their software (Apache Security).