Cyber Resilience

CVE-2022-24816

Critical · CISA KEV · Active Exploitation · EUVD Exploited · RCE

Published: 13 April 2022

Modified: 24 October 2025
KEV Added: 26 June 2024
Patch
CVSS Score v3.1: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.9402 (99.9th percentile)
Risk Priority: 96 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-24816 is a critical-severity Code Injection (CWE-94) vulnerability in Geosolutionsgroup Jai-Ext. Its CVSS base score is 10.0 (Critical).

Operationally, it ranks in the top 0.1% of CVEs by exploit likelihood (EPSS 0.9402, 99.9th percentile), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2022-24816 is a remote code execution vulnerability in the JAI-EXT library, an open-source extension to the Java Advanced Imaging API. It arises when applications accept Jiffle scripts over the network and compile them into Java bytecode using the Janino library; the lack of input sanitization permits arbitrary code injection. The flaw directly affects downstream projects such as GeoServer that expose this functionality.

An unauthenticated attacker can supply a malicious Jiffle script via a network request, causing the application to compile and execute attacker-controlled Java code. Successful exploitation yields full confidentiality, integrity and availability impact (C:H/I:H/A:H) and crosses trust boundaries (S:C), consistent with the CVSS 10.0 rating and the CWE-94 classification.

The project’s security advisory and patch release (version 1.2.22) disable the ability to inject executable code into compiled scripts. Administrators who cannot upgrade are advised to remove the janino JAR from the runtime classpath, thereby preventing Jiffle compilation entirely. The vulnerability is catalogued in CISA’s Known Exploited Vulnerabilities list, and its EPSS score has remained consistently high (current 0.94, peak 0.97), indicating sustained exploitation interest after disclosure.

EU & UK References

Vulnerability details

JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects the downstream GeoServer project. Version 1.2.22 will contain a patch that disables the ability to inject malicious code into the resulting script. Users unable to upgrade may negate the ability to compile Jiffle scripts from the final application, by removing janino-x.y.z.jar from the classpath.
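As an added check, not code from the advisory or the JAI-EXT project, the following shell script looks for the Janino JAR that the workaround above says to remove, so an administrator can confirm that a deployment's library directory no longer allows Jiffle scripts to be compiled. The WEB-INF/lib layout and the janino-x.y.z.jar file name in the demo are constructed placeholders.

```shell
#!/bin/sh
# Added check: locate the Janino JAR that JAI-EXT/Jiffle uses to compile
# scripts into Java bytecode. If none is present under the application's
# classpath directory, Jiffle compilation is unavailable, which is the
# advisory's workaround for deployments that cannot move to 1.2.22.

# List every janino JAR under the given directory, one path per line.
find_janino_jars() {
    find "$1" -type f -name 'janino-*.jar' 2>/dev/null
}

# Succeed (exit 0) when no janino JAR was found, fail (exit 1) otherwise.
janino_removed() {
    [ -z "$(find_janino_jars "$1")" ]
}

# Demo on a constructed directory layout, not a real install;
# "janino-x.y.z.jar" is the placeholder name used by the advisory.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/WEB-INF/lib"
: > "$demo_dir/WEB-INF/lib/janino-x.y.z.jar"
if janino_removed "$demo_dir"; then
    echo "OK: no janino JAR under $demo_dir; Jiffle scripts cannot be compiled"
else
    echo "WARNING: janino JAR present, Jiffle compilation still possible:"
    find_janino_jars "$demo_dir"
fi
rm -rf "$demo_dir"
```

For a real deployment, call the two functions on the application's own library directory instead of the demo directory.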

CWE(s): CWE-94 (Code Injection)
KEV Date Added: 26 June 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: geosolutionsgroup
Product: jai-ext
Versions: ≤ 1.1.22

Mitigating Controls (NIST 800-53 r5)

SI-2 (Flaw Remediation), prevent: Directly requires timely application of the JAI-EXT 1.2.22 patch that disables the Jiffle-to-Java code-injection path.

CM-7 (Least Functionality), prevent: Mandates removal of non-essential components (janino-*.jar) from the classpath, eliminating the Jiffle compilation capability that enables RCE.

prevent: Requires validation of untrusted Jiffle script input to block crafted payloads that inject arbitrary Java code via Janino.

References