Cyber Resilience

CVE-2022-4510

HighPublic PoC

Published: 26 January 2023

Published
26 January 2023
Modified
16 December 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.4457 97.7th percentile
Risk Priority 42 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-4510 is a high-severity Path Traversal (CWE-22) vulnerability in Microsoft Binwalk. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 2.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

A path traversal vulnerability affects ReFirm Labs binwalk versions 2.1.2b through 2.3.3 in the PFS extractor implemented in src/binwalk/plugins/unpfs.py. When binwalk is invoked with the extraction option (-e), a specially crafted PFS filesystem image can cause the tool to write files to arbitrary locations on the filesystem.

An attacker can supply a malicious PFS file that, upon extraction by an unsuspecting user, places a crafted plugin into the .config/binwalk/plugins directory. This achieves remote code execution because binwalk automatically loads modules from that location. The attack requires no privileges and only local user interaction to open the file, corresponding to the reported CVSS 7.8 rating and CWE-22 classification.

Upstream remediation is available via pull request 617, which corrects the path-handling logic in the PFS plugin. Distribution advisories such as Gentoo GLSA-202309-07 and Debian LTS-LA-20251222-1 recommend upgrading to a patched binwalk release; users should avoid running extraction on untrusted firmware images until the fix is applied.

EPSS scores reached a peak of 0.5063 and currently stand at 0.4457 after receding, indicating sustained but not sharply escalating interest following disclosure. No confirmed in-the-wild exploitation campaigns are documented in the provided references.

EU & UK References

Vulnerability details

A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run…

more

in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins. This vulnerability is associated with program files src/binwalk/plugins/unpfs.py. This issue affects binwalk from 2.1.2b through 2.3.3 included.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
binwalk
2.2.0 — 2.3.3

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

References