Alibaba - Fastjson - CRITICAL - CVE-2025-70974. Fastjson versions prior to 1.2.48 have a significant vulnerability in the autoType feature. When an @type key is present in a JSON document with a Java class name as its value, this may result in unintended calls to public methods of that class. If these methods behave in a certain manner, they can become susceptible to JNDI injection attacks if an attacker embeds a malicious payload within the JSON document. This flaw is particularly concerning due to its exploitation in multiple incidents from 2023 to 2025, highlighting the need for updating to the latest version to mitigate risks. This issue arises from an incomplete resolution of a previous vulnerability, indicating a need for comprehensive security assessments.