CVE-2022-25337

9.8 CRITICAL

📋 TL;DR

This vulnerability in Ibexa DXP allows attackers to perform injection attacks via image filenames. It affects systems running ezsystems/ezpublish-kernel versions 7.5.x before 7.5.26 and 1.3.x before 1.3.12. The high CVSS score indicates potential for remote code execution or other serious impacts.

💻 Affected Systems

Products:
  • Ibexa DXP
  • ezsystems/ezpublish-kernel
Versions: 7.5.x before 7.5.26 and 1.3.x before 1.3.12
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with image upload functionality enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.
🟠 Likely Case: File upload manipulation allowing unauthorized file access, directory traversal, or limited code execution.
🟢 If Mitigated: Attack blocked at web application firewall or input validation layer with no impact.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Injection via filenames typically requires minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.5.26 or 1.3.12

Vendor Advisory: https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization

Restart Required: Yes

Instructions:

1. Update to ezsystems/ezpublish-kernel version 7.5.26 or 1.3.12.
2. Clear application cache.
3. Restart web server.

🔧 Temporary Workarounds

Input Validation Filter (all platforms)

Implement server-side validation to reject image filenames containing special characters or path traversal sequences.

WAF Rule (all platforms)

Deploy web application firewall rules to block requests with suspicious filename patterns in upload parameters.

🧯 If You Can't Patch

  • Disable image upload functionality entirely if not required.
  • Implement strict file extension whitelisting and rename uploaded files to random names.

🔍 How to Verify

Check if Vulnerable:

Check composer.json or the installed packages for an ezsystems/ezpublish-kernel version below 7.5.26 on the 7.5.x branch, or below 1.3.12 on the 1.3.x branch.

Check Version:

composer show ezsystems/ezpublish-kernel

Verify Fix Applied:

Confirm the installed ezsystems/ezpublish-kernel version is 7.5.26 or higher on the 7.5.x branch, or 1.3.12 or higher on the 1.3.x branch.
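
The version check above can be automated against composer.lock, which records the version Composer actually resolved. The following Python script is an added example, not part of the vendor advisory or the Ibexa code base; the fixed versions are the ones listed on this page, and the function names and lock file contents are constructed for illustration.

```python
import json
import re

PACKAGE = "ezsystems/ezpublish-kernel"
# First fixed release per affected branch, as listed on this page.
FIXED = {(7, 5): (7, 5, 26), (1, 3): (1, 3, 12)}


def parse_version(raw):
    """Return (major, minor, patch) for a plain release tag, else None.

    Branch aliases and pre-releases (dev-master, 7.5.x-dev, 7.5.26-rc1)
    return None so they are flagged for manual review instead of guessed.
    """
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(x) for x in m.groups()) if m else None


def assess(lock_text, package=PACKAGE):
    """Return (status, locked_version) for `package` in a composer.lock."""
    lock = json.loads(lock_text)
    for entry in lock.get("packages", []) + lock.get("packages-dev", []):
        if entry.get("name") != package:
            continue
        raw = entry.get("version", "")
        ver = parse_version(raw)
        if ver is None:
            return "unknown", raw
        fixed = FIXED.get(ver[:2])
        if fixed is None:
            return "out-of-scope", raw  # branch not listed on this page
        return ("vulnerable" if ver < fixed else "fixed"), raw
    return "not-installed", None


def sample_lock(version):
    """Constructed composer.lock content for demonstration only."""
    return json.dumps({"packages": [
        {"name": "symfony/http-foundation", "version": "v3.4.47"},
        {"name": PACKAGE, "version": version},
    ]})


if __name__ == "__main__":
    for v in ("v7.5.25", "v7.5.26", "1.3.11", "1.3.12", "7.5.x-dev", "v6.13.8"):
        print(v, "->", assess(sample_lock(v))[0])
```

A result of "out-of-scope" or "unknown" means only that this page's version ranges do not cover the locked version; check the vendor advisory for those cases.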

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload attempts with special characters in filenames
  • Errors from file validation functions

Network Indicators:

  • HTTP POST requests to upload endpoints with crafted filenames

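SIEM Query (matches POST requests to upload or image paths from scripted-client user agents; it does not inspect the filename itself):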

source="web_server" AND (uri_path="*upload*" OR uri_path="*image*") AND (http_method="POST") AND (user_agent="*curl*" OR user_agent="*wget*" OR user_agent="*python*" OR user_agent="*scan*" OR user_agent="*exploit*")
