Cyber Resilience

CVE-2022-45134

Severity: Critical · Impact: RCE

Published: 22 August 2025
Modified: 08 September 2025
KEV Added: not listed
Patch: available (fixed versions listed below)
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0067 (71.9th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-45134 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Mahara. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 28.1% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2022-45134 is a critical deserialization vulnerability (CWE-502) affecting Mahara, an open-source web application for managing learning portfolios. Specifically, versions 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 unsafely deserialize user-supplied input during the import of skin files, which are XML-based customization themes. A specially crafted XML file processed during this import can trigger arbitrary code execution on the server. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its remote exploitability and comprehensive impact.

The attack requires no authentication or user interaction, allowing unauthenticated remote attackers to exploit it by submitting a malicious XML skin file through the import functionality. Successful exploitation grants attackers full control over the affected Mahara instance, enabling arbitrary code execution with the privileges of the web server process, potentially leading to data theft, modification, or further system compromise.

Mitigation involves upgrading to Mahara 21.10.6, 22.04.4, or 22.10.1, where the deserialization flaw is addressed. Detailed discussions and patches are available in the official advisories at https://bugs.launchpad.net/mahara/+bug/1993082 and https://mahara.org/interaction/forum/topic.php?id=9353.
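To make the SI-10 (input validation) mitigation concrete, the following PHP sketch is an added example and is not Mahara's own code (Mahara is written in PHP, but the page does not show the affected routine). It contrasts an import step that hands a serialized value embedded in an uploaded skin XML file straight to unserialize() with a hardened version that refuses to instantiate any class and validates the result against an allowlist. The XML layout, the <viewskin> element name, the function names and the setting names are assumptions made for this example.

```php
<?php
// Added example, not Mahara's own code: a hypothetical skin-import step in
// which the uploaded XML carries a serialized PHP value. The XML layout,
// element name and setting names are assumptions made for this example.

// Vulnerable pattern (CWE-502): the serialized blob comes straight from the
// upload, so PHP instantiates whatever class the blob names, and any class
// on the include path with __wakeup()/__destruct() side effects runs.
function import_skin_unsafe(string $xml): mixed
{
    $doc = new DOMDocument();
    $doc->loadXML($xml, LIBXML_NONET);
    $blob = $doc->getElementsByTagName('viewskin')->item(0)->textContent;
    return unserialize($blob);
}

// Allowlist of settings the importer accepts, with the PHP type expected.
const SKIN_ALLOWED_KEYS = [
    'body_background_color' => 'string',
    'header_text_color'     => 'string',
    'body_font_size'        => 'integer',
];

// Hardened pattern: parse without network access (and without LIBXML_NOENT,
// which would enable entity substitution), deserialize with
// allowed_classes => false so no object is ever instantiated (objects
// degrade to __PHP_Incomplete_Class), then validate against the allowlist.
function import_skin_safe(string $xml): array
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);
    $ok = $doc->loadXML($xml, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    if (!$ok) {
        throw new InvalidArgumentException('skin file is not well-formed XML');
    }
    $node = $doc->getElementsByTagName('viewskin')->item(0);
    if ($node === null) {
        throw new InvalidArgumentException('skin file has no <viewskin> element');
    }

    $data = unserialize($node->textContent, [
        'allowed_classes' => false,  // never build objects from user data
        'max_depth'       => 4,      // bound nesting (PHP >= 7.4)
    ]);
    if (!is_array($data)) {
        throw new InvalidArgumentException('skin settings must be a plain array');
    }

    $clean = [];
    foreach ($data as $key => $value) {
        if (!isset(SKIN_ALLOWED_KEYS[$key])) {
            continue;                                   // drop unknown settings
        }
        if (gettype($value) !== SKIN_ALLOWED_KEYS[$key]) {
            throw new InvalidArgumentException("bad type for setting $key");
        }
        if (str_ends_with($key, '_color') && !preg_match('/^#[0-9a-f]{6}$/i', $value)) {
            throw new InvalidArgumentException("bad colour value for $key");
        }
        $clean[$key] = $value;
    }
    return $clean;
}

// Constructed sample input (not a real Mahara skin file). A blob naming a
// class (O:...) fails the is_array check above instead of being built.
$sample = '<?xml version="1.0"?><skin><viewskin>'
    . htmlspecialchars(serialize([
        'body_background_color' => '#ffffff',
        'body_font_size'        => 12,
        'unexpected_setting'    => 'ignored',
    ]))
    . '</viewskin></skin>';
var_dump(import_skin_safe($sample));
```

Running the sample with PHP 8 keeps the two allowlisted settings and silently discards the unknown key; a serialized object at the top level, or nested inside the array, is rejected by the type checks rather than instantiated. Where the format can be changed, replacing serialized PHP with JSON (json_decode() never creates arbitrary objects) removes the deserialization sink entirely; upgrading to the fixed Mahara releases named above remains the primary remediation.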

Vulnerability details

Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 deserializes user input unsafely during skin import. A particularly structured XML file could cause code execution when being processed.

CWE(s): CWE-502 Deserialization of Untrusted Data

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter (Execution): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Remote unauthenticated deserialization in public web app import enables arbitrary code execution (T1190) and subsequent command/script execution on server (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-29782 (shared CWE-502)
CVE-2026-42778 (shared CWE-502)
CVE-2025-68047 (shared CWE-502)
CVE-2026-22345 (shared CWE-502)
CVE-2024-28988 (shared CWE-502)
CVE-2026-47161 (shared CWE-502)
CVE-2024-9664 (shared CWE-502)
CVE-2026-24385 (shared CWE-502)
CVE-2026-27084 (shared CWE-502)
CVE-2025-42944 (shared CWE-502)

Affected Assets

Product: mahara (vendor: mahara)
Affected versions: 21.10.0 up to but not including 21.10.6 · 22.04.0 up to but not including 22.04.4 · 22.10.0 up to but not including 22.10.1

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): Directly mitigates the CVE by requiring identification, reporting, and correction of the deserialization flaw through patching to fixed Mahara versions.

SI-10 Information Input Validation (prevent): Requires validation of user-supplied XML input during skin import to prevent unsafe deserialization leading to code execution.

Memory protection (prevent): Implements memory protections that hinder arbitrary code execution resulting from successful deserialization exploits.

References

https://bugs.launchpad.net/mahara/+bug/1993082
https://mahara.org/interaction/forum/topic.php?id=9353