CVE-2022-25369
BaseFortify
Publication date: 2026-01-23
Last updated on: 2026-01-26
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dynamicweb | dynamicweb | to 9.12.8 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2022-25369 is a critical logic flaw in Dynamicweb versions before 9.12.8 that allows an unauthenticated attacker to add a new administrator user. This happens because the system improperly validates whether the setup phases can be rerun, enabling unauthorized privilege escalation. After creating and authenticating as the new admin user, the attacker can upload a web shell and execute commands remotely on the affected system. [1]
How can this vulnerability impact me?
This vulnerability can have severe impacts as it allows an attacker to gain administrator access without authentication. Once they have admin privileges, they can upload executable files and achieve remote code execution on the system. This can lead to full system compromise, data theft, data manipulation, service disruption, and potentially further attacks within the network. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detecting this vulnerability involves checking whether your Dynamicweb installation is running a version prior to 9.12.8 and verifying whether unauthorized administrator accounts have been added. Since the flaw allows an attacker to add a new admin user without authentication, audit the list of administrator users for any suspicious or unknown accounts. Additionally, monitoring for unusual file uploads, especially executable files or web shells, can help detect exploitation attempts. Specific commands depend on your system environment, but in general you can query the Dynamicweb user database or administration panel for newly created admin users. Network monitoring tools can be used to detect unusual HTTP POST requests that attempt to rerun the setup phases or upload files. No exact commands are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading your Dynamicweb installation to a fixed version at or above 9.12.8 (or one of the other fixed versions such as 9.5.9, 9.6.16, 9.7.8, 9.8.11, 9.9.8, 9.10.18, or 9.13.0). Until the upgrade can be performed, restrict access to the setup phases of the product to trusted administrators only, and monitor for any unauthorized administrator account creation or suspicious file uploads. Applying vendor patches promptly is critical to prevent exploitation. [1]