CVE-2022-25369

Critical CVSS: 9.8

An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a logic issue when determining if the setup phases of the product can be run again. Once an attacker is authenticated as the new admin user they have added, it is possible to upload an executable file and achieve command execution. This is fixed in 9.5.9, 9.6.16, 9.7.8, 9.8.11, 9.9.8, 9.10.18, 9.12.8, and 9.13.0 (and later).

Vendor

Product

CWE

CWE-287

Yayın Tarihi

2026-01-23 17:16:04

Güncelleme

2026-01-26 15:03:33

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-287 CRITICAL 2026

Referanslar

https://www.assetnote.io/resources/research/advisory-dynamicweb-logic-flaw-leading-to-rce-cve-2022-25369 https://www.dynamicweb.com/resources/downloads?Category=Releases