CVE-2022-25842

MEDIUM

Alibabagroup One-java-agent < 0.0.2 - Path Traversal

Title source: rule

Description

All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine.

Exploits (1)

nomisec WORKING POC

by shoucheng3 · poc

https://github.com/shoucheng3/alibaba__one-java-agent_CVE-2022-25842_0-0-1

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory] https://github.com/alibaba/one-java-agent/blob/1f399a2299a8a409d15ea6111a7098629b8f1050/one-java-agent-plugin/src/main/java/com/alibaba/oneagent/utils/IOUtils.java

[Patch, Third Party Advisory] https://github.com/alibaba/one-java-agent/pull/29

[Third Party Advisory] https://github.com/alibaba/one-java-agent/pull/29/commits/359603b63fc6c59d8b57e061c171954bab3433bf

[Third Party Advisory] https://snyk.io/vuln/SNYK-JAVA-COMALIBABAONEAGENT-2407874

Scores

CVSS v3 6.9

EPSS 0.0271

EPSS Percentile 85.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:L

Details

CWE

CWE-22

Status published

Products (2)

alibabagroup/one-java-agent

com.alibaba.oneagent/one-java-agent-plugin 0 - 0.0.2Maven

Published May 01, 2022

Tracked Since Feb 18, 2026