CVE-2022-25356
Published: 05 April 2022
Summary
CVE-2022-25356 is a medium-severity aka Blind XPath Injection (CWE-91) vulnerability in Altn Securitygateway. Its CVSS base score is 5.3 (Medium).
Operationally, ranked in the top 1.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
Alt-N MDaemon Security Gateway through version 8.5.0 is affected by an XML injection vulnerability (CWE-91) in the SecurityGateway.dll component when handling the view=login parameter. The flaw carries a CVSS 3.1 base score of 5.3 and permits unauthenticated network access that can disclose limited information.
An unauthenticated remote attacker can supply crafted XML input to the login view endpoint, resulting in partial confidentiality exposure without requiring user interaction or credentials. The attack vector is rated as low complexity and network-reachable.
Public advisories published by SWASCAN and the vendor Alt-N describe the issue and point to the vendor's product pages for Security Gateway; no explicit patch version or configuration workaround is detailed in the available references. The associated EPSS score rose from lower values to a peak of 0.8534 before receding to the current 0.7287, indicating post-disclosure exploitation interest that later declined.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-30027
Vulnerability details
Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dll?view=login XML Injection.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.