CVE-2022-22715
Published: 09 February 2022
Summary
CVE-2022-22715 is a high-severity Wrap or Wraparound (CWE-191) vulnerability in Microsoft Windows 10. Its CVSS base score is 7.8 (High).
Operationally, ranked in the top 6.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2022-22715 is a Named Pipe File System Elevation of Privilege Vulnerability that affects Windows components. It is rated 7.8 under CVSS 3.1 with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H and is linked to CWE-191.
A local attacker with low privileges can exploit the flaw without user interaction to obtain elevated rights and achieve full impact on confidentiality, integrity, and availability of the target system.
Microsoft security advisories at the referenced MSRC update guide address the issue through available patches. The associated EPSS score rose from a low baseline to a peak of 0.1991 on 2025-12-11 before receding to the current value of 0.0998, indicating post-disclosure exploitation interest that warrants renewed attention.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-27858
Vulnerability details
Named Pipe File System Elevation of Privilege Vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.