CVE-2022-41573

Severity: Critical
Published: 07 January 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: none referenced
CVSS v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.0119 (64.0th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2022-41573 is an Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Ovidentia 8.3, rated Critical with a CVSS v3.1 base score of 9.8.

Exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The EPSS score places the CVE in the top 36.0% of CVEs by exploit likelihood (64.0th percentile), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-10 (Information Input Validation).

Deeper analysis

Ovidentia 8.3 contains an unrestricted file upload vulnerability, tracked as CVE-2022-41573 and classified as CWE-434. The file upload feature does not check that uploaded content is what its name claims, so a user can upload a PNG file with PHP code embedded in it and then rename that file to a .php extension. Because uploads are served from an images/common/ path, a request for the renamed file makes the web server execute the embedded PHP, giving remote code execution.

Per the CVSS vector (AV:N/AC:L/PR:N/UI:N), the flaw is exploitable over the network, with low complexity, without privileges or user interaction. The CVE description speaks of "a user" uploading the file, so confirm for your own deployment whether the upload and rename features are reachable without an account; the vector rates them as if they are. After uploading and renaming the crafted file, the attacker runs arbitrary code with the privileges of the web server process, which is why the 9.8 rating carries full confidentiality, integrity, and availability impact.

Public references are the project's Bitbucket repository and a GitHub repository maintained by Orange Cyberdefense that hosts a proof-of-concept exploit for CVE-2022-41573. None of the available references provides a vendor advisory or patch information.

The EPSS score (0.0119 at the last update) has varied only slightly between its recorded peak and its current value.

Vulnerability details

An issue was discovered in Ovidentia 8.3. The file upload feature does not prevent the uploading of executable files. A user can upload a .png file containing PHP code and then rename it to have the .php extension. It will then be accessible at an images/common/ URI for remote code execution.

CWE(s)

CWE-434 Unrestricted Upload of File with Dangerous Type

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

The upload flaw sits in an Internet-facing web application (T1190) and directly enables dropping a PHP web shell into a served directory (T1505.003), which gives both the initial code execution and a persistent foothold.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-50002 (shared CWE-434)
CVE-2015-10135 (shared CWE-434)
CVE-2025-69312 (shared CWE-434)
CVE-2015-10144 (shared CWE-434)
CVE-2025-7852 (shared CWE-434)
CVE-2025-44658 (shared CWE-434)
CVE-2026-37748 (shared CWE-434)
CVE-2025-49387 (shared CWE-434)
CVE-2025-6058 (shared CWE-434)
CVE-2026-6518 (shared CWE-434)

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)

Requires validation of file upload inputs so that image files carrying disguised PHP code are detected and rejected: check the declared extension against the parsed content, store the file under a server-generated name, and never let a later rename change the extension to one the web server executes.

CM-6 Configuration Settings (prevent)

Enforces secure web server configuration so that PHP is not executed from publicly accessible upload directories such as images/common/. With mod_php this is php_admin_flag engine off inside a <Directory> block for the upload path; with PHP-FPM it means no handler or location rule that routes files under that path to the interpreter. With this in place a file renamed to .php is served as static content rather than executed, which breaks the attack even if validation fails.

SI-3 Malicious Code Protection (prevent, detect)

Deploys malicious code protection at the upload entry point to scan uploaded files for embedded PHP code and quarantine or remove them before they reach a web-served path. (The page names this control by its title only; SI-3 is the NIST 800-53 control of that name.)
