CVE-2022-22947

Basic Information

CVE State: PUBLISHED
Reserved Date: January 10, 2022
Published Date: March 03, 2022
Last Updated: January 29, 2025
Vendor: n/a
Product: Spring Cloud Gateway
Description
In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.

CVSS Scores

CVSS v3.1

10.0 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2022-05-16 00:00:00 UTC)
Proof of Concept Available: Yes (added 2022-03-04 05:26:33 UTC)

Known Exploited Vulnerability Information

Source: CISA • Added Date: 2022-05-16 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

spring_cloud_gateway_rce

Type: metasploit • Created: Unknown

Metasploit module for CVE-2022-22947

Le1a/CVE-2022-22947

Type: github • Created: 2023-05-26 11:52:22 UTC • Stars: 2

Spring Cloud Gateway Actuator API SpEL expression injection command execution exploit

Zh0um1/CVE-2022-22947

Type: github • Created: 2023-02-07 01:59:01 UTC • Stars: 26

CVE-2022-22947 injection of a Godzilla in-memory webshell

SiJiDo/CVE-2022-22947

Type: github • Created: 2022-08-23 06:38:46 UTC • Stars: 8

LY613313/CVE-2022-22947

Type: github • Created: 2022-08-03 02:51:26 UTC • Stars: 3

stayfoolish777/CVE-2022-22947-POC

Type: github • Created: 2022-06-08 09:52:23 UTC • Stars: 2

Batch detection of the Spring Cloud Gateway remote code execution vulnerability Spring_Cloud_Gateway_RCE_POC-CVE-2022-22947

anansec/CVE-2022-22947_EXP

Type: github • Created: 2022-05-19 14:58:45 UTC • Stars: 5

A script that can verify a single target or a batch of targets, and can also spawn a reverse shell

0730Nophone/CVE-2022-22947-

Type: github • Created: 2022-05-16 15:27:41 UTC • Stars: 53

Spring Cloud Gateway Actuator API SpEL expression injection command execution (CVE-2022-22947), injecting a Godzilla in-memory webshell

4nNns/CVE-2022-22947

Type: github • Created: 2022-04-06 09:40:05 UTC • Stars: 12

Spring-Cloud-Spel-RCE

Nathaniel1025/CVE-2022-22947

Type: github • Created: 2022-03-25 12:43:53 UTC • Stars: 1

poc for CVE-2022-22947

Wrin9/CVE-2022-22947

Type: github • Created: 2022-03-17 09:12:51 UTC • Stars: 13

CVE-2022-22947_POC_EXP

Arrnitage/CVE-2022-22947_exp

Type: github • Created: 2022-03-10 03:51:47 UTC • Stars: 6

CVE-2022-22947 Exploit script

0x7eTeam/CVE-2022-22947

Type: github • Created: 2022-03-08 09:32:36 UTC • Stars: 35

CVE-2022-22947_EXP, CVE-2022-22947_RCE, CVE-2022-22947 reverse shell, CVE-2022-22947 getshell

mrknow001/CVE-2022-22947

Type: github • Created: 2022-03-07 16:24:42 UTC • Stars: 7

Spring Cloud Gateway Actuator API SpEL Code Injection (CVE-2022-22947)

M0ge/CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE

Type: github • Created: 2022-03-07 07:24:13 UTC • Stars: 13

Spring Cloud Gateway remote code execution vulnerability PoC; adds a reverse shell operation on top of command execution

22ke/CVE-2022-22947

Type: github • Created: 2022-03-05 06:19:46 UTC • Stars: 2

hunzi0/CVE-2022-22947-Rce_POC

Type: github • Created: 2022-03-04 14:58:02 UTC • Stars: 7

Batch URL detection for Spring-Cloud-Gateway-CVE-2022-22947

dbgee/CVE-2022-22947

Type: github • Created: 2022-03-04 09:47:55 UTC • Stars: 2

Spring Cloud Gateway Actuator API remote command execution CVE-2022-22947

tangxiaofeng7/CVE-2022-22947-Spring-Cloud-Gateway

Type: github • Created: 2022-03-04 06:38:26 UTC • Stars: 71

CVE-2022-22947 batch

BerMalBerIst/CVE-2022-22947

Type: github • Created: 2022-03-04 05:26:33 UTC • Stars: 0

Exp

Summer177/Spring-Cloud-Gateway-CVE-2022-22947

Type: github • Created: 2022-03-04 02:36:02 UTC • Stars: 0

Spring Cloud Gateway remote code execution vulnerability

Greetdawn/CVE-2022-22947

Type: github • Created: 2022-03-04 02:27:50 UTC • Stars: 5

crowsec-edtech/CVE-2022-22947

Type: github • Created: 2022-03-03 18:26:18 UTC • Stars: 39

Spring Cloud Gateway < 3.0.7 & < 3.1.1 Code Injection (RCE)

Axx8/CVE-2022-22947_Rce_Exp

Type: github • Created: 2022-03-03 13:13:02 UTC • Stars: 76

Spring Cloud Gateway remote code execution vulnerability exploit Spring_Cloud_Gateway_RCE_Exp-CVE-2022-22947

lucksec/Spring-Cloud-Gateway-CVE-2022-22947

Type: github • Created: 2022-03-02 11:58:55 UTC • Stars: 219

CVE-2022-22947