Cyber Resilience

CVE-2022-45063

Critical · Public PoC · RCE

Published: 10 November 2022
Modified: 08 April 2026
KEV Added: not listed
Patch: 10 November 2022
CVSS Score (v3.1): 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.1403 (94.5th percentile)
Risk Priority: 28 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-45063 is a critical-severity Command Injection (CWE-77) vulnerability in Fedoraproject Fedora. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 5.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; and a public proof-of-concept is referenced.

Deeper analysis

CVE-2022-45063 affects xterm versions prior to 375 and stems from insufficient sanitization of font-related operations, notably OSC 50 escape sequences. An attacker-controlled response containing a Ctrl-G character can be interpreted as a command terminator, enabling arbitrary command execution when the terminal interacts with applications such as Zsh running in vi line-editing mode. The vulnerability carries a CVSS score of 9.8 and is classified under CWE-77; font operations are disabled by default in the xterm configurations shipped by several Linux distributions, limiting exposure in those environments.

An unauthenticated remote attacker can exploit the flaw over the network by supplying malicious terminal escape sequences that trigger the vulnerable font-operation path. Successful exploitation grants the attacker the ability to execute arbitrary commands with the privileges of the user running the terminal session, resulting in complete compromise of confidentiality, integrity, and availability.

Public advisories published on the Openwall oss-security mailing list and entries in the xterm change log at invisible-island.net detail the issue and the corrective changes incorporated in version 375. Administrators are advised to update xterm to 375 or later and to verify that font operations remain disabled in any locally customized configurations.

EPSS scores for the CVE rose from lower values to a peak of 0.2570 on 2025-12-18 before receding to the current 0.1403, indicating a period of increased exploitation interest after disclosure.

EU & UK References

Vulnerability details

xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

invisible-island / xterm: ≤ 375
fedoraproject / fedora: 35, 36, 37

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References