CVE-2022-25369
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-23

Last updated on: 2026-01-26

Assigner: MITRE

Description
An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a logic issue when determining if the setup phases of the product can be run again. Once an attacker is authenticated as the new admin user they have added, it is possible to upload an executable file and achieve command execution. This is fixed in 9.5.9, 9.6.16, 9.7.8, 9.8.11, 9.9.8, 9.10.18, 9.12.8, and 9.13.0 (and later).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-23
Last Modified
2026-01-26
Generated
2026-06-16
AI Q&A
2026-01-23
EPSS Evaluated
2026-06-15
NVD
CVE-2022-25369
EUVD
EUVD-2022-30040
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dynamicweb dynamicweb to 9.12.8 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-288 The product requires authentication, but the product has an alternate path or channel that does not require authentication.
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2022-25369 is a critical logic flaw in Dynamicweb versions before 9.12.8 that allows an unauthenticated attacker to add a new administrator user. This happens because the system improperly validates whether the setup phases can be rerun, enabling unauthorized privilege escalation. After creating and authenticating as the new admin user, the attacker can upload a web shell and execute commands remotely on the affected system. [1]

Impact Analysis

This vulnerability can have severe impacts as it allows an attacker to gain administrator access without authentication. Once they have admin privileges, they can upload executable files and achieve remote code execution on the system. This can lead to full system compromise, data theft, data manipulation, service disruption, and potentially further attacks within the network. [1]

Detection Guidance

Detection of this vulnerability involves checking if your Dynamicweb installation is running a version prior to 9.12.8 and verifying if unauthorized administrator accounts have been added. Since the flaw allows an attacker to add a new admin user without authentication, you can audit the list of administrator users for any suspicious or unknown accounts. Additionally, monitoring for unusual file uploads, especially executable files or web shells, can help detect exploitation attempts. Specific commands depend on your system environment, but generally, you can query the Dynamicweb user database or administration panel for new admin users. Network monitoring tools can be used to detect unusual HTTP POST requests that attempt to rerun setup phases or upload files. Unfortunately, no exact commands are provided in the resources. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading your Dynamicweb installation to a fixed version at or above 9.12.8 (or one of the other fixed versions such as 9.5.9, 9.6.16, 9.7.8, 9.8.11, 9.9.8, 9.10.18, or 9.13.0). Until the upgrade can be performed, restrict access to the setup phases of the product to trusted administrators only, and monitor for any unauthorized administrator account creation or suspicious file uploads. Applying vendor patches promptly is critical to prevent exploitation. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-25369. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart