What is CVE-2022-25237?

CVE-2022-25237 is a vulnerability in N/a. Published 2022-05-27.

Is CVE-2022-25237 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-25237

Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL…

EPSS: 0.911 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cvemon
H4cksploit/CVEs-master
KirkDJohnson/Threat-Detection-Lab
Mayukh-Ghara/Meerkat-Analysis-Report
Mr-xn/Penetration_
RhinoSecurityLabs/CVEs
lions2012/Penetration_
merlinepedra/RHINOECURITY-CVEs
merlinepedra25/RHINOSECURITY-CVEs
xuetusummer/Penetration_

References

github.com/bonitasoft/bonita-web (x_refsource_MISC)
rhinosecuritylabs.com/application-security/cve-2022-25237-bonitasoft-authorizat… (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-25237?: CVE-2022-25237 is a vulnerability in N/a. Published 2022-05-27.
Is CVE-2022-25237 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.