Cyber Posture

CVE-2022-23851

CriticalPublic PoC

Published: 17 December 2025

Published
17 December 2025
Modified
05 January 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0010 27.2th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-23851 is a critical-severity Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) vulnerability in Netaxis Api Orchestrator. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates the SSTI vulnerability by requiring identification, reporting, and correction of the flaw through patching to Netaxis API Orchestrator version 0.19.3 or later.

SI-10 Information Input Validation good match
prevent

Prevents SSTI exploitation by enforcing validation of all user inputs to the server-side template rendering process using organization-defined tools and techniques.

SI-4 System Monitoring partial match
detect

Supports detection of ongoing SSTI attacks by monitoring the system for indicators of malicious template injection and unauthorized activities.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

SSTI vulnerability in public-facing Netaxis API Orchestrator enables unauthenticated remote exploitation of a public-facing application (T1190), allowing high-impact compromise including full server control.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Netaxis API Orchestrator (APIO) before 0.19.3 allows server side template injection (SSTI).

Deeper analysisAI

Netaxis API Orchestrator (APIO), versions prior to 0.19.3, is affected by CVE-2022-23851, a server-side template injection (SSTI) vulnerability classified under CWE-1336. This flaw allows attackers to inject malicious templates into the application's server-side rendering process. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for widespread remote exploitation.

Unauthenticated attackers with network access can exploit this SSTI vulnerability with low complexity and no user interaction required. Successful exploitation enables high-impact compromise, including unauthorized access to sensitive data (confidentiality), modification of system resources (integrity), and disruption of services (availability), potentially leading to full server control.

Advisories recommend upgrading to Netaxis API Orchestrator version 0.19.3 or later to mitigate the issue. Additional details are available in the vendor product page at https://www.netaxis.be/products/apio/ and the security blog post at https://blog.tig00r.me/post/CVE-2022-23851. The CVE was published on 2025-12-17T15:15:48.387.

Details

CWE(s)
CWE-1336

Affected Products

netaxis
api orchestrator
≤ 0.19.3

CVEs Like This One

CVE-2025-53909Shared CWE-1336
CVE-2026-1868Shared CWE-1336
CVE-2026-21448Shared CWE-1336
CVE-2026-34587Shared CWE-1336
CVE-2025-49828Shared CWE-1336
CVE-2025-59340Shared CWE-1336
CVE-2026-28695Shared CWE-1336
CVE-2024-57177Shared CWE-1336
CVE-2024-54954Shared CWE-1336
CVE-2026-28784Shared CWE-1336

References