Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2022-25369
PUBLISHEDAn issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a...
- Vendor
- Dynamicweb
- Product
- Dynamicweb
- Published
- Jan 23, 2026
- EPSS
- —
Description
An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a logic issue when determining if the setup phases of the product can be run again. Once an attacker is authenticated as the new admin user they have added, it is possible to upload an executable file and achieve command execution. This is fixed in 9.5.9, 9.6.16, 9.7.8, 9.8.11, 9.9.8, 9.10.18, 9.12.8, and 9.13.0 (and later).
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation status
Exploited in the wild
Recorded 2025-06-06 00:00:00 UTC · Source
SSVC decision points
- Exploitation
- none
- Automatable
- Yes
- Technical impact
- total
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| The Shadowserver (via CIRCL) | Jun 06, 2025 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-25369.yaml | Jun 01, 2026 |
Timeline
-
CVE ID Reserved
-
Added to KEVIntel
-
CVE Published to Public
-
Detected by Nuclei