CVE-2022-37177

HIGH

HireVue Hiring Platform - Use of a Broken or Risky Cryptographic Algorithm

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-37177. PoCs published by JC175.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2022-37177, explaining how HireVue's use of a weak rail fence cipher allows attackers to decrypt interview questions before the interview starts. It includes steps to locate and decrypt the encrypted questions using an online tool.

Description

HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists. Furthermore, the rail-fence cipher has been removed, and TLS 1.2 is now used for encryption.

Exploits (1)

nomisec · WRITEUP · 1 star
by JC175 · poc
https://github.com/JC175/CVE-2022-37177


Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: HireVue interview platform
No auth needed
Prerequisites: Access to a HireVue interview invite link
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References (2)
Exploit, Third Party Advisory: https://github.com/JC175/CVE-2022-37177
Vendor Advisory: https://www.hirevue.com/

Scores

CVSS v3 7.5
EPSS 0.0037
EPSS Percentile 29.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-327
Status published
Products (1)
hirevue/hiring_platform
Published Aug 29, 2022
Tracked Since Feb 18, 2026