Java deserialization vulnerabilities remain a critical security threat, and existing detection tools face significant challenges in generating functional exploit payloads because of semantic blindness and constraint complexity. This paper presents LLM-JDFuzz, a framework that leverages Large Language Models (LLMs) for automated Java deserialization payload generation. By reframing payload generation as a constraint-aware code synthesis problem, LLM-JDFuzz introduces three key innovations: (1) an Autoprompting engine that transforms Gadget Chain specifications into structured natural-language instructions, (2) an adaptive multi-strategy fuzzing loop that dynamically selects between generation, mutation, and semantic exploration based on execution feedback, and (3) a fine-grained feedback mechanism that performs error classification and root-cause attribution to guide iterative refinement. We evaluate LLM-JDFuzz on 34 Gadget Chains from the ysoserial benchmark. Results show that LLM-JDFuzz achieves a 70.6% success rate. While maintaining effectiveness comparable to the state-of-the-art static tool JDD, LLM-JDFuzz performs better on cross-language scripting engine chains and achieves a 4× improvement in generation efficiency. Our work demonstrates that LLMs possess inherent semantic understanding capabilities for security-critical code generation, opening new research directions for AI-assisted vulnerability exploitation.
Su et al. studied this question.