Deserialization: A Practical Guide

Curated and synthesized by Carl Sampson. Last updated 2026-06-29. Synthesized from 102 of 102 curated resources. Browse all 102 Deserialization resources →

Problem Framing

Deserialization is a fundamental process in software development, enabling the reconstruction of data structures and objects from a serialized format. This is essential for tasks like persisting state, inter-process communication, and data transfer across networks. However, when applications deserialize data from untrusted or user-controlled sources without adequate validation, they become susceptible to a class of vulnerabilities known as insecure deserialization ^[1]^[2]^[3]^[4]^[5]^[6].

At its core, an insecure deserialization vulnerability allows an attacker to influence the deserialization process to achieve malicious outcomes. This typically involves crafting a serialized payload that, when processed by the application, triggers unintended code execution, data manipulation, or denial-of-service conditions ^[1]^[2]^[3]^[5]^[6]. The severity of these vulnerabilities stems from their potential to lead to Remote Code Execution (RCE), granting attackers significant control over the compromised system ^[7]^[2]^[8]^[3]^[9]^[4].

The OWASP Top Ten has consistently recognized insecure deserialization as a critical security risk, highlighting its prevalence and impact ^[10]^[1]^[9]^[4]. This vulnerability class is not confined to a single programming language; it spans Java, Python, .NET, PHP, Ruby, and others, each with its own specific mechanisms and exploitation vectors ^[1]^[2]^[11]^[4].

Core Mechanics

The deserialization process itself is not inherently insecure. The vulnerability arises from how it is implemented and the data it processes. At a high level, the process involves:

Serialization: An object's state is converted into a format (e.g., byte stream, JSON, XML) that can be stored or transmitted.
Transmission/Storage: The serialized data is sent over a network, read from a file, or retrieved from a database.
Deserialization: The application receives the serialized data and reconstructs the original object(s).

Insecure deserialization occurs when step 3 is performed on data that is untrusted or has been tampered with by an attacker, and the deserialization mechanism does not properly validate the data's integrity or type ^[2]^[3]^[5].

Deserialization Triggers

Deserialization can be triggered in various ways within an application:

Web Application Endpoints: Receiving serialized data via HTTP requests (e.g., in POST bodies, query parameters, cookies) ^[12]^[13]^[14]^[9]^[15].
Configuration Files: Loading configuration data that is deserialized, especially if it contains complex objects ^[16]^[17].
Message Queues: Processing serialized messages received from inter-service communication channels ^[18]^[19].
Session Management: Restoring user session state from serialized data stored in cookies or databases ^[20]^[15]^[21].
File Handling: Deserializing data from files, including archives like PHAR files in PHP ^[22]^[16].
Remote Method Invocation (RMI): Deserializing objects passed during RMI communication ^[23]^[24]^[25]^[26].

The Role of Gadgets and Gadget Chains

A critical aspect of many deserialization exploits is the concept of "gadgets" and "gadget chains." Gadgets are existing classes or methods within an application's dependencies (libraries, frameworks) that perform potentially dangerous operations. When an attacker crafts a serialized payload, they can leverage these gadgets to control program flow during deserialization ^[2]^[27]^[25]^[28]^[29]^[30]^[31].

A gadget chain is a sequence of method calls on these gadgets, orchestrated through deserialization, that ultimately leads to a "sink" method capable of executing arbitrary code or performing other malicious actions ^[2]^[27]^[25]^[28]^[30]^[4]. The deserialization process automatically invokes these chained methods, effectively turning legitimate code into an exploit vector ^[2]^[25]^[31].

For instance, in Java, a common exploit involves using ObjectInputStream.readObject() which can trigger custom readObject() methods. If a class's readObject() method uses reflection to call a method specified by an attacker-controlled field, this can lead to RCE ^[31]. Tools like ysoserial (Java) ^[32]^[28] and ysoserial.net (.NET) ^[33]^[34] are designed to generate payloads that exploit known gadget chains in various libraries.

Language-Specific Mechanisms

The specific mechanics vary by language:

Java: Relies on java.io.Serializable and ObjectInputStream.readObject(). Gadgets are often found in popular libraries like Apache Commons Collections, Spring, and Hibernate ^[32]^[25]^[28]^[30]^[31]^[26]^[35]. XStream and Jackson libraries are also common targets due to their handling of polymorphic types and XML/JSON input ^[36]^[12]^[37]^[26]^[35].
PHP: Exploits often target the unserialize() function, leveraging "magic methods" like __wakeup() and __destruct() to achieve code execution or other malicious actions ^[38]^[22]^[39]^[40]^[41]^[42]^[15]^[43]^[6]. PHAR deserialization via the phar:// stream wrapper is another significant vector ^[22]^[39]^[15].
Python: The pickle module is a primary target, as its loads() function can execute arbitrary code during deserialization via the __reduce__ method ^[44]^[45]^[2]^[46]^[47]^[48]^[49]^[42]^[21]^[50]. YAML parsing with unsafe loaders (e.g., yaml.load() without SafeLoader) is also a significant risk ^[45]^[51]^[16].
.NET: Common targets include BinaryFormatter, LosFormatter, NetDataContractSerializer, and ObjectStateFormatter, often found in ASP.NET ViewState processing or other serialization contexts ^[33]^[52]^[34]^[53]^[54]. Json.NET can also be vulnerable if TypeNameHandling is improperly configured ^[55].
Ruby: Exploitation often involves the Marshal module and its load() method, leveraging gadget chains that can execute arbitrary commands ^[56]^[57]^[58]^[59]^[60]^[15]. Insecure use of YAML.load is also a concern ^[56].

Notable Techniques

Deserialization vulnerabilities can be exploited through a variety of techniques, often tailored to the specific language, library, and application context.

Remote Code Execution (RCE) via Gadget Chains

This is the most severe impact of insecure deserialization. Attackers craft serialized objects that, when deserialized, trigger a sequence of method calls (gadget chains) leading to arbitrary code execution.

Java Commons Collections: A historically significant example is the Commons Collections gadget chain, which leverages classes like LazyMap and ChainedTransformer to execute commands via Runtime.exec() ^[27]^[25]^[28]^[30]^[31]^[26]^[61]^[35]. Tools like ysoserial provide numerous variations of this and other Java gadget chains.
PHP POP Chains: In PHP, attackers can use "Property-Oriented Programming" (POP) chains. By controlling object properties and leveraging magic methods, they can hijack application logic to achieve RCE ^[22]^[62]^[41]^[42]^[15]^[6].
Python __reduce__ Method: In Python's pickle, the __reduce__ method is crucial. Attackers define this method in a crafted class to specify arbitrary functions (like os.system) to be executed during deserialization ^[45]^[49]^[42]^[21]^[50].
.NET ObjectDataProvider: This gadget in .NET allows the invocation of arbitrary methods, including those that execute system commands, often through System.Diagnostics.Process ^[33]^[34]. TemplatesImpl is another Java gadget that can achieve similar RCE.

PHP `unserialize()` Exploitation

The unserialize() function in PHP is a common vector. By controlling the serialized string, attackers can instantiate classes with magic methods like __wakeup(), __destruct(), or __toString() that perform malicious actions, such as arbitrary file writes or command execution ^[40]^[41]^[42]^[15]^[6].

PHP PHAR Deserialization

The phar:// stream wrapper in PHP can be abused. PHAR archives contain metadata that is automatically deserialized when accessed via the wrapper. Attackers can place serialized objects in the metadata to trigger RCE ^[22]^[39]^[42]^[15].

.NET ViewState Exploitation

In ASP.NET applications, ViewState often contains serialized data. If the machine key protecting ViewState integrity is compromised or absent, attackers can craft malicious ViewState payloads to achieve RCE ^[52]^[13]^[63]^[53]^[61].

YAML Deserialization

Libraries like PyYAML in Python or SnakeYAML in Java can be vulnerable if they use unsafe loading mechanisms (e.g., yaml.load without SafeLoader). This allows attackers to inject malicious Python or Java objects ^[45]^[51]^[16].

Exploiting Specific Libraries/Frameworks

Certain libraries and frameworks have had widespread deserialization vulnerabilities:

Apache Struts: Historical vulnerabilities, particularly in the REST plugin using XStream, allowed RCE via XML deserialization ^[12]^[64]^[65].
Jackson (jackson-databind): Vulnerabilities arise from improper handling of polymorphic type information, allowing attackers to instantiate arbitrary classes ^[36]^[26]^[35].
Spring for Apache Kafka: Vulnerabilities could exist if specific configurations are applied, allowing malicious serialized objects in error handling headers ^[66].
React Server Components (RSC): The "Flight" protocol in React 19 and related frameworks has been identified with vulnerabilities due to unsafe deserialization of RSC payloads ^[67].
Cisco ISE: Insecure Java deserialization has been found in Cisco Identity Services Engine ^[23]^[68].
IBM WebMethods: Deserialization vulnerabilities have been disclosed, allowing RCE for authenticated users ^[69].
Microsoft SharePoint: Several RCE vulnerabilities have been identified related to deserialization of untrusted data, often via ViewState or other mechanisms ^[13]^[70]^[63]^[71]^[54].
Wazuh: A critical RCE exists via unsafe JSON deserialization in cluster communication, allowing arbitrary module imports and function execution ^[19].
Hugging Face/Python ML Models: The widespread use of pickle for serializing ML models presents significant risks, as poisoned models can lead to RCE. Vulnerabilities in scanning tools like PickleScan have also been discovered ^[46]^[72]^[73]^[49]^[14]^[61].

Detection & Prevention

Detecting and preventing insecure deserialization requires a multi-layered approach, focusing on both static analysis and runtime monitoring.

Detection Strategies

Static Analysis (SAST): Scan source code for dangerous deserialization functions (e.g., unserialize(), pickle.loads(), ObjectInputStream.readObject(), Convert.DeserializeObject()) and analyze how the input to these functions is handled. Look for patterns where user-controlled data is passed directly to deserialization sinks ^[41]^[11]^[42]^[15]^[43].
Dependency Scanning: Identify libraries and frameworks with known deserialization vulnerabilities or common gadget chains. Ensure dependencies are up-to-date ^[72]^[73]^[49].
Dynamic Analysis (DAST): Actively test running applications by sending malformed or crafted serialized payloads to identify vulnerabilities. Tools like Burp Suite can help identify serialized data in HTTP traffic ^[15].
Runtime Monitoring: Monitor application logs for deserialization-related errors, exceptions, or unusual activity. Observe network traffic for patterns indicative of serialized payloads, especially large or unexpected data structures ^[74]^[70]^[16]^[75]^[5].
Behavioral Analysis: Monitor process behavior. For example, unexpected process creation from application servers (like w3wp.exe or Java processes) can indicate RCE from deserialization exploits ^[74]^[70]^[16]^[19].

Prevention and Mitigation

Avoid Deserializing Untrusted Data: This is the most critical and effective mitigation. Redesign applications to use safer data formats like JSON, XML, or Protocol Buffers for data exchange, especially between different trust boundaries ^[1]^[2]^[20]^[3]^[11]^[9]^[4]^[42]^[21]^[6].
Use Secure Serialization Formats: When native serialization is unavoidable, opt for formats that do not allow arbitrary code execution or class instantiation.
Implement Integrity Checks: For serialized data from untrusted sources, use digital signatures or cryptographic hashes (e.g., HMAC) to verify data integrity before deserialization. Ensure the signature is validated before deserialization occurs ^[1]^[2]^[20]^[9]^[4].
Strict Type Constraints / Allowlisting: Configure deserialization libraries to only accept a predefined list of trusted classes. This acts as a powerful filter against unknown gadget chains ^[1]^[2]^[64]^[20]^[11]^[75]^[5]. In Java, ObjectInputStream.resolveClass() can be overridden or jdk.serialFilter can be used ^[11]^[75]^[35]. For JSON.NET, TypeNameHandling = TypeNameHandling.None or a custom ISerializationBinder is recommended ^[55].
Secure Configuration Defaults: Ensure that serialization libraries are configured securely by default. For example, PyYAML should use SafeLoader, and Jackson should disable polymorphic type handling unless explicitly required and secured ^[16]^[55]^[26].
Update Dependencies: Keep all serialization libraries, frameworks, and application dependencies patched and up-to-date to benefit from security fixes that address known gadget chains ^[2]^[20]^[31]^[5].
Principle of Least Privilege: Run deserialization processes in environments with minimal privileges. This limits the impact of a successful RCE by constraining the attacker's actions ^[1]^[2]^[20]^[5].
Input Validation and Sanitization: While not a complete solution for deserialization, rigorously validating and sanitizing inputs before they are used in any capacity, including deserialization contexts, is a foundational security practice ^[1]^[2]^[20]^[75]^[4].
Disable Dangerous Serializers: For .NET, avoid BinaryFormatter entirely, as it is fundamentally insecure and cannot be made safe ^[33]^[53]^[76].

Tooling

A variety of tools aid in identifying, analyzing, and exploiting deserialization vulnerabilities.

ysoserial: A comprehensive Java payload generator for exploiting unsafe deserialization vulnerabilities, featuring a wide array of gadget chains ^[32]^[28]^[26]^[35].
ysoserial.net: The .NET equivalent of ysoserial, capable of generating payloads for various .NET serialization formats and gadget chains ^[33]^[34]^[53].
Burp Suite Professional: Features scanner rules that can automatically detect serialized data in HTTP traffic and integrate with tools like ysoserial ^[35]^[15].
jdeserialize: A tool to convert Java serialized objects into a human-readable format, aiding in analysis ^[14].
gadgetprobe: A tool for hunting deserialization vulnerabilities by analyzing Java classpaths for gadget chains ^[35].
marshalsec: Similar to ysoserial, provides utilities for analyzing and exploiting Java deserialization vulnerabilities ^[26]^[35].
phpggc: A tool for generating PHP deserialization payloads, supporting various frameworks like Monolog, Symfony, and Laravel ^[39].
Jackson-dataformat-xml: For XML serialization/deserialization with Jackson, also requires careful configuration to avoid vulnerabilities ^[26]^[35].
SnakeYAML: A Java YAML parser that can be vulnerable if not configured with SafeLoader ^[16]^[26].
PickleScan: A tool for scanning Python pickle files for malicious content, though it has had its own bypass vulnerabilities ^[46]^[72]^[73].
Radare2 with r2pickledec: Tools for disassembling and analyzing Python pickle files ^[50].

Recent Developments

The landscape of deserialization vulnerabilities continues to evolve, with new targets and exploitation techniques emerging.

React Server Components (RSC) Vulnerability: The introduction of RSC in React 19 and frameworks like Next.js led to the discovery of critical RCE vulnerabilities due to unsafe deserialization of the "Flight" protocol payload ^[67].
AI/ML Model Supply Chain Poisoning: The prevalent use of Python's pickle for serializing Machine Learning models on platforms like Hugging Face has created a significant attack surface. Attackers can embed malicious code within models, leading to RCE when loaded. Vulnerabilities have also been found in tools designed to scan for such malicious models (e.g., PickleScan) ^[46]^[72]^[73]^[49]^[14].
Shadow Vulnerabilities: Exploitable deserialization flaws can exist in transitive dependencies, remaining hidden from direct code review or basic dependency scanning. These "shadow vulnerabilities" become apparent only at runtime ^[16].
.NET ViewState and SharePoint RCE: Ongoing research continues to uncover critical RCE vulnerabilities in .NET applications, particularly in how ViewState is handled in Microsoft SharePoint, often with active exploitation in the wild ^[13]^[70]^[63]^[71]^[54].
YAML and Configuration Security: Vulnerabilities in document parsing frameworks (e.g., Docling) leveraging insecure YAML deserialization highlight that even configuration handling can be a vector ^[16].
Language-Agnostic Deserialization Hunting: The emergence of tools and methodologies for systematically hunting deserialization exploits across various languages and protocols aims to improve detection capabilities beyond known gadget chains ^[61].

Where to Go Deeper

For practitioners seeking to deepen their understanding and improve their defensive strategies against deserialization vulnerabilities, the following resources are highly recommended:

OWASP Deserialization Cheat Sheet: Provides comprehensive guidance on understanding and mitigating deserialization risks across various languages and formats ^[11]^[5]^[6].
ysoserial and ysoserial.net Repositories: Examining the source code and documentation of these payload generation tools offers insight into common gadget chains and exploitation techniques ^[32]^[33]^[28]^[34].
PortSwigger Web Security Academy: Offers detailed explanations and practical labs for identifying and exploiting insecure deserialization vulnerabilities in PHP, Ruby, and Java ^[15]^[43]^[6].
Academic Research Papers: Studies on gadget chain mining, automated detection, and specific language vulnerabilities provide in-depth technical analysis ^[77]^[78]^[79]^[30]^[80].
Vendor Security Advisories and Blogs: Following security researchers and vendors (e.g., Snyk, Mandiant, SentinelOne, Check Point) provides timely information on newly discovered vulnerabilities, exploits, and mitigation strategies ^[67]^[74]^[69]^[23]^[68]^[66]^[13]^[70]^[63]^[8]^[16]^[72]^[56]^[81]^[71]^[19]^[82]^[17]^[75]^[54]^[83].
Black Hat and DEF CON Presentations: Talks from security conferences often delve into cutting-edge research on deserialization exploits and defensive techniques ^[37]^[84]^[85]^[51]^[25]^[58]^[4].

Sources cited in this guide

Prevent insecure deserialization attacks (Veracode) — docs.veracode.com
Insecure Deserialization - Attack Technique (vuln.today) — vuln.today
Deserialization Attacks: How Exploiting Data Formats Can Break Security — firecompass.com
Insecure Deserialization: The Vulnerability That Gives Attackers RCE — aquilax.ai
Insecure Deserialization | OWASP — owasp.org
Insecure deserialization | Web Security Academy — portswigger.net
Apache Struts vulnerability leads to RCE — medium.com
SolarWinds Web Help Desk Deserialization Vulnerability — cybersecuritynews.com
Insecure Deserialization in Web Applications — invicti.com
Insecure Deserialization Vulnerabilities — Acunetix — acunetix.com
OWASP Deserialization Cheat Sheet — cheatsheetseries.owasp.org
Apache Struts2 Code Execution Exploit (Infopercept) — infopercept.com
ViewState Deserialization Zero-Day in Sitecore (CVE-2025-53690) — cloud.google.com
Insecure Deserialization Tutorial and Examples — learn.snyk.io
Exploiting Insecure Deserialization Vulnerabilities | PortSwigger — portswigger.net
Docling RCE via PyYAML (CVE-2026-24009) — oligo.security
IBM Langflow Desktop RCE via Insecure Deserialization — thehackerwire.com
Python-socketio: Pickle deserialization RCE advisory — github.com
CVE-2026-25769: Wazuh Critical RCE via Unsafe Deserialization — resecurity.com
Insecure Deserialization: Risks, Examples, and Best Practices — promon.io
Introduction to Deserialization Attacks — owlhacku.com
How to Exploit PHAR Deserialization Vulnerability — pentest-tools.com
Cisco ISE Insecure Java Deserialization — Cisco Docs — cisco.com
CVE-2026-33728: dd-trace-java Unsafe Deserialization in RMI — advisories.gitlab.com
Java Deserialization Gadget Chains Explained — klogixsecurity.com
Java Deserialization Cheat Sheet — github.com
Deserialization Gadget Chain Definition — pentesterlab.com
ysoserial: Java Deserialization Payload Generator — github.com
Deserialization Bugs in the Wild — medium.com
An In-depth Study of Java Deserialization RCE Exploits — dl.acm.org
Deserialization Vulnerabilities in Java — baeldung.com
CVE-2025-24813 PoC: Apache Tomcat Java Deserialization — github.com
PayloadsAllTheThings: Insecure Deserialization DotNET — github.com
ysoserial.net: Deserialization Payload Generator for .NET — github.com
PayloadsAllTheThings - Java Deserialization Payloads — github.com
Jackson deserialization vulnerability exploit (3 gadgets, GitHub) — github.com
Friday the 13th JSON Attacks (Black Hat) — blackhat.com
picoCTF Super Serial Writeup: PHP Object Injection Explained Clearly — medium.com
PayloadsAllTheThings - PHP Deserialization Payloads — github.com
What is PHP Object Injection? An In-Depth Guide — jetpack.com
PHP Object Injection Research — sonarsource.com
Insecure Deserialization Explained with Examples — thehackerish.com
Insecure DeserializationWeb ChallengesPart 1 — medium.com
Python-Pickle-RCE-Exploit + vulnerable Flask App (GitHub) — github.com
PayloadsAllTheThings: Insecure Deserialization Python — github.com
The Art of Hide and Seek: Pickle-Based Model Supply Chain Poisoning — arxiv.org
Security in Python Deserialization: Safe Pickle Alternatives 2025 — johal.in
Breaking Pickle: RCE Through Python Deserialization — medium.com
Pickle Deserialization in ML Pipelines: The RCE That Won't Go Away — afine.com
Reversing Pickles with r2pickledec — blog.doyensec.com
SnakeYAML Deserialization Deep Dive (CVE-2022-1471) — greynoise.io
Deep Dive into .NET ViewState Deserialization — swapneildash.medium.com
.NET Deserialization Cheat Sheet — github.com
CVE-2025-34153: Hyland OnBase RCE via Deserialization — sentinelone.com
.NET JSON.NET Deserialization RCE — invicti.com
PayloadsAllTheThings - Ruby Deserialization Payloads — github.com
Ruby Vulnerabilities: Exploiting Open, Send, and Deserialization — bishopfox.com
Marshal Madness: A Brief History of Ruby Deserialization Exploits — blog.trailofbits.com
Lab: Exploiting Ruby Deserialization Using a Documented Gadget Chain | PortSwigger — portswigger.net
Ruby 2.x Universal RCE Deserialization Gadget Chain | elttam — elttam.com
Now You Serial, Now You Don't — Systematically Hunting for Deserialization Exploits | Google Cloud — cloud.google.com
Exploiting PHP Deserialization with POP Chains — medium.com
SharePoint Zero-Day CVE-2025-53770 Actively Exploited — blog.checkpoint.com
Depickling, Gadgets, and Chains: The Exploit That Unraveled Equifax — brandur.org
Exploiting Apache Struts: Writing Better Detections (Gigamon) — blog.gigamon.com
CVE-2023-34040: Spring-Kafka Java Deserialization — spring.io
Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182) — snyk.io
Cisco ISE Insecure Java Deserialization (CVE-2025-20124) — sec.cloudapps.cisco.com
IBM webMethods Integration CVE-2025-36072: Deserialization RCE — zeropath.com
CVE-2026-20963: SharePoint Deserialization RCE Analysis — securityboulevard.com
Microsoft SharePoint Deserialization RCE (CVE-2026-26114) — thehackerwire.com
PyTorch Users at Risk: 3 Zero-Day PickleScan Vulnerabilities — jfrog.com
Exposing 4 Critical Vulnerabilities in Python Picklescan — sonatype.com
WSUS Deserialization Exploit in the Wild (CVE-2025-59287) — research.eye.security
CVE-2025-12305: Shiyi-blog RCE via Deserialization — sentinelone.com
BinaryFormatter Deserialization Security Guide for .NET — learn.microsoft.com
Precise and Effective Gadget Chain Mining through Deserialization-Guided Call Graph Construction (USENIX Security 2025) — usenix.org
Gleipner: A Benchmark for Gadget Chain Detection in Java Deserialization Vulnerabilities — dl.acm.org
Deserialization Gadget Chains in Android: An In-Depth Study — arxiv.org
Analyzing Prerequisites of Known Deserialization Vulnerabilities on Java Applications — dl.acm.org
DELMIA Apriso Insecure Deserialization Exploited in the Wild (CVE-2025-5086) — sonicwall.com
U-Office Force Critical RCE via Insecure Deserialization (CVE-2026-3422) — thehackerwire.com
CVE-2025-42928: SAP jConnect RCE via Deserialization — sentinelone.com
Automated Discovery of Deserialization Gadget Chains (Black Hat) — i.blackhat.com
Java Deserialization Tricks - Synacktiv — synacktiv.com

📚 This guide is synthesized from the full text of resources curated in the Deserialization library, and refreshed as new material is added.