
CVE-2022-27518

Critical · CISA KEV · Active Exploitation · EUVD Exploited

Published: 13 December 2022
Modified: 25 February 2026
KEV Added: 13 December 2022
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.2769 (96.6th percentile)
Risk Priority: 56 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-27518 is a critical-severity Improper Control of a Resource Through its Lifetime (CWE-664) vulnerability in Citrix Application Delivery Controller Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 3.4% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2022-27518 is an unauthenticated remote arbitrary code execution vulnerability carrying a CVSS 3.1 score of 9.8. The affected component is a Citrix product, as documented in the vendor advisory CTX474995.

An attacker can exploit the flaw over the network without any credentials or user interaction, resulting in full compromise of confidentiality, integrity, and availability on the target system.

The Citrix support article CTX474995 and the CISA Known Exploited Vulnerabilities catalog both address the issue, directing administrators to available patches and remediation steps.

The vulnerability appears in the CISA catalog, confirming observed exploitation in the wild, while its EPSS score has remained flat at its peak of 0.2769.


Vulnerability details

Unauthenticated remote arbitrary code execution

CWE(s): CWE-664 (Improper Control of a Resource Through its Lifetime)
KEV Date Added: 13 December 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Citrix Application Delivery Controller Firmware: 12.1 — 12.1-55.291 · 12.1 — 12.1-55.291 · 12.1 — 12.1-65.25
Citrix Gateway Firmware: 12.1 — 12.1-65.25 · 13.0 — 13.0-58.32
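The version ranges above are what an asset owner needs to decide which appliances still require the fix. The following is an added example (not code from this page or from Citrix) that parses Citrix ADC/Gateway build strings and checks them against the ranges listed here. It assumes that the end of each range is the first fixed build and is therefore excluded, and, because the page does not distinguish build lines (the 12.1 — 12.1-55.291 range is listed twice and is kept once), it matches conservatively: a build is flagged if it falls inside any listed range for its product. Hostnames in the inventory are constructed sample data.

```python
"""Check Citrix ADC / Gateway firmware build strings against the affected
version ranges listed on this page for CVE-2022-27518.

Added example; not part of the original page and not a Citrix tool.
Assumptions: the end of each range is the first fixed build and is excluded
from the affected set; ranges are applied without distinguishing build
lines, so matching is deliberately conservative (flag on any range hit).
"""
from __future__ import annotations

import re

# Ranges as given on the page ("start — end"); end is treated as exclusive (assumption).
AFFECTED_RANGES = {
    "application delivery controller firmware": [
        ("12.1", "12.1-55.291"),
        ("12.1", "12.1-65.25"),
    ],
    "gateway firmware": [
        ("12.1", "12.1-65.25"),
        ("13.0", "13.0-58.32"),
    ],
}

_BUILD_RE = re.compile(r"\d+(\.\d+)*(-\d+(\.\d+)*)?")


def parse_build(version: str) -> tuple[int, ...]:
    """Turn '13.0-58.32' into (13, 0, 58, 32) and '12.1' into (12, 1).

    Tuples compare lexicographically, and a shorter prefix sorts before any
    longer build on the same branch, so (12, 1) < (12, 1, 55, 291).
    """
    version = version.strip()
    if not _BUILD_RE.fullmatch(version):
        raise ValueError(f"unrecognised build string: {version!r}")
    return tuple(int(part) for part in re.split(r"[.\-]", version))


def is_affected(product: str, version: str) -> bool:
    """True if the build falls in any listed range for the product (start <= v < end)."""
    build = parse_build(version)
    for start, end in AFFECTED_RANGES[product.lower()]:
        if parse_build(start) <= build < parse_build(end):
            return True
    return False


def triage(inventory: list[tuple[str, str, str]]) -> list[str]:
    """inventory: (hostname, product, build). Returns hostnames still needing the fix."""
    return [host for host, product, build in inventory if is_affected(product, build)]


# Constructed sample inventory; hostnames and builds are illustrative only.
SAMPLE_INVENTORY = [
    ("adc-edge-01", "application delivery controller firmware", "12.1-64.17"),
    ("adc-edge-02", "application delivery controller firmware", "12.1-65.25"),
    ("gw-dmz-01", "gateway firmware", "13.0-47.24"),
    ("gw-dmz-02", "gateway firmware", "13.0-58.32"),
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: affected by CVE-2022-27518, apply the CTX474995 fix")
```

Feed the function your real inventory export; anything it returns is a host where SI-2 (patching) is still outstanding and where the SC-7 boundary controls below are doing all the work in the meantime.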

Mitigating Controls (NIST 800-53 r5)

SC-7 Boundary Protection (prevent): Directly blocks unauthenticated network access to exposed Citrix management/VPN interfaces before exploitation can occur.

SI-2 Flaw Remediation (prevent): Requires prompt application of vendor patches that eliminate the unauthenticated RCE flaw.

AC-17 Remote Access, partial match (prevent): Enforces authorization, encryption, and monitoring requirements for all remote connections to the affected appliances.
