CVE-2022-41158
Published: 25 November 2022
Summary
CVE-2022-41158 is a high-severity Path Traversal (CWE-22) vulnerability in Eyoom Eyoom Builder. Its CVSS base score is 7.2 (High).
Operationally, it ranks in the top 9.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2022-41158 is a remote code execution vulnerability that arises when cookie values are treated as file paths inside a builder program. The flaw maps to CWE-22 (path traversal) and CWE-94 (code injection) and carries a CVSS 3.1 base score of 7.2. No specific product name or version range is supplied in the available data.
An attacker who already possesses high-privileged credentials can supply a crafted cookie that causes the application to read or execute attacker-controlled content, resulting in arbitrary code execution on the affected system. The attack is network-reachable and requires no user interaction once privileged access is obtained.
The referenced KR-CERT advisory does not detail patches or work-arounds in the supplied record. EPSS remains flat at 0.0543 with no material increase after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-44399
Vulnerability details
Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Validates pathnames and filenames to prevent traversal outside intended directories.
- Makes persistent code injection into loaded programs impossible when the executable image itself resides on hardware-protected read-only media.
- Dynamically generated code can be produced and executed inside the isolated chamber, preventing host compromise from code-injection payloads.
- Directly prevents execution of attacker-supplied code written into data memory regions.
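The pathname-validation control listed above, applied to the cookie-as-path pattern this record describes, is shown below as an added example; it is not code from Eyoom Builder or from the KR-CERT advisory. The theme names, the file name `head.html`, the directory layout and every function name are assumptions made for illustration, and the cookie values are constructed.

```python
import os
import tempfile

# Assumed layout for illustration: <root>/<theme>/head.html, theme named by a cookie.
ALLOWED_THEMES = frozenset({"basic", "shop"})   # hypothetical theme names
TEMPLATE_NAME = "head.html"                     # hypothetical file name

class UnsafePath(ValueError):
    """Raised when a cookie value must not be turned into a file path."""

def resolve_unsafe(root, cookie_value):
    # Flawed pattern: the cookie value is joined into the path unchecked.
    return os.path.normpath(os.path.join(root, cookie_value, TEMPLATE_NAME))

def escapes(root, path):
    # True when the canonical form of path lies outside the canonical root.
    real_root = os.path.realpath(root)
    return os.path.commonpath([real_root, os.path.realpath(path)]) != real_root

def resolve_safe(root, cookie_value, allowed=ALLOWED_THEMES):
    # 1. Treat the cookie as an opaque key and match it exactly against an allowlist.
    if not isinstance(cookie_value, str) or cookie_value not in allowed:
        raise UnsafePath("theme not in allowlist")
    # 2. Canonicalise (resolves '..' and symlinks) and require containment in root.
    candidate = os.path.realpath(os.path.join(root, cookie_value, TEMPLATE_NAME))
    if escapes(root, candidate):
        raise UnsafePath("resolved path escapes theme root")
    # 3. Return only an existing regular file; the caller reads it as data.
    if not os.path.isfile(candidate):
        raise UnsafePath("template missing")
    return candidate

def demo():
    """Run both resolvers over constructed cookie values in a temporary tree."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "themes")
        os.makedirs(os.path.join(root, "basic"))
        open(os.path.join(root, "basic", TEMPLATE_NAME), "w").close()
        for value in ("basic", "shop", "../../outside", "/tmp", "basic/../.."):
            outside = escapes(root, resolve_unsafe(root, value))
            try:
                resolve_safe(root, value)
                verdict = "accepted"
            except UnsafePath as exc:
                verdict = f"rejected: {exc}"
            results[value] = (outside, verdict)
    return results
```

The containment check in step 2 still matters after the allowlist passes: an allowlisted theme directory that is a symlink to a location outside the root is rejected there. Reading the resolved file as data rather than including or evaluating it addresses the CWE-94 half of the issue.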