What is CVE-2022-25369?

CVE-2022-25369 is a vulnerability in N/a. Published 2026-01-23.

Is CVE-2022-25369 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-25369

An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a logic issue when determining if the setup phases of the product can be run again. Once an a…

EPSS: 0.829 (99.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/kenzer-templates

References

www.dynamicweb.com/resources/downloads
www.assetnote.io/resources/research/advisory-dynamicweb-logic-flaw-leading-to-r…

Frequently asked questions

What is CVE-2022-25369?: CVE-2022-25369 is a vulnerability in N/a. Published 2026-01-23.
Is CVE-2022-25369 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.