CVE-2022-25369
CRITICAL EXPLOITED NUCLEIDynamicweb < 9.12.8 - Unauthenticated Administrator User Creation and Remote Code Execution
Title source: llmExploitation Summary
CVE-2022-25369 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a logic issue when determining if the setup phases of the product can be run again. Once an attacker is authenticated as the new admin user they have added, it is possible to upload an executable file and achieve command execution. This is fixed in 9.5.9, 9.6.16, 9.7.8, 9.8.11, 9.9.8, 9.10.18, 9.12.8, and 9.13.0 (and later).
Nuclei Templates (1)
Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation
CRITICALby pdteam
Shodan:
http.component:"Dynamicweb"
References (2)
Core 2
Core References
Various Sources
https://www.assetnote.io/resources/research/advisory-dynamicweb-logic-flaw-leading-to-rce-cve-2022-25369
Various Sources
https://www.dynamicweb.com/resources/downloads?Category=Releases
Scores
CVSS v3
9.8
EPSS
0.4261
EPSS Percentile
98.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
VulnCheck KEV
2023-11-14
CWE
CWE-287
CWE-288
Status
published
Published
Jan 23, 2026
Tracked Since
Feb 18, 2026