CVE-2022-25842

MEDIUM

alibaba one-java-agent-plugin < 0.0.2 - Arbitrary File Write via Zip Slip Archive Extraction

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-25842. PoCs published by shoucheng3.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2022-25842, targeting the Alibaba One Java Agent. The exploit demonstrates how to leverage the vulnerability to execute arbitrary code via plugin activation.

Description

All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine.

Exploits (1)

nomisec WORKING POC
by shoucheng3 · poc
https://github.com/shoucheng3/alibaba__one-java-agent_CVE-2022-25842_0-0-1

This repository contains a proof-of-concept exploit for CVE-2022-25842, targeting the Alibaba One Java Agent. The exploit demonstrates how to leverage the vulnerability to execute arbitrary code via plugin activation.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Alibaba One Java Agent
No auth needed
Prerequisites: Access to a vulnerable instance of Alibaba One Java Agent
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 6.9
EPSS 0.0271
EPSS Percentile 86.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:L

Details

CWE
CWE-22
Status published
Products (2)
alibabagroup/one-java-agent
com.alibaba.oneagent/one-java-agent-plugin 0 - 0.0.2Maven
Published May 01, 2022
Tracked Since Feb 18, 2026