CVE-2022-45783
Published: 01 February 2023
Summary
CVE-2022-45783 is a medium-severity path traversal (CWE-22) vulnerability in dotCMS core (vendor dotCMS, product dotCMS). Its CVSS base score is 6.5 (Medium).
Operationally, its exploit-likelihood (EPSS) ranking sits at the 48.0th percentile, below the median, and it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2022-45783 is an authenticated directory traversal vulnerability, tracked under CWE-22, that affects the dotCMS API in dotCMS core versions 4.x through 22.10.2 and can result in remote code execution. The flaw carries a CVSS 3.1 score of 6.5, with a local attack vector, high privileges required, and user interaction required.
An attacker who already possesses a valid high-privileged account on an affected dotCMS instance can exploit the directory traversal condition in the API to read or write arbitrary files, ultimately achieving remote code execution on the server.
dotCMS has published security advisory information addressing the issue at https://www.dotcms.com/security/SI-67.
The EPSS score for this CVE rose materially from a low baseline to a peak of 0.1869 on 2025-12-11 before receding, indicating that exploitation interest emerged after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-48641
Vulnerability details
An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution.
- CWE(s): CWE-22 (Path Traversal)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.
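The control above is the generic CWE-22 defence: canonicalize the requested path and confirm it still lies inside the intended base directory before any file is read or written. The following is an added illustration of that check in Python, not code from dotCMS or from this advisory; the `safe_join` helper, the `PathTraversalError` class and the sandbox directory built by `demo()` are all constructed for the example. It deliberately handles the cases that naive string filters miss: percent-encoded dot segments, backslash separators, absolute paths, NUL bytes, and a symlink inside the base that points outside it.

```python
"""Reject file paths that would escape a configured base directory (CWE-22).

Added example, not from dotCMS or the advisory. Names and the sandbox layout
built by demo() are constructed for illustration.
"""
import shutil
import tempfile
from pathlib import Path, PurePosixPath
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a requested path would resolve outside the base directory."""


def safe_join(base_dir: str, requested: str) -> str:
    """Return the absolute path for `requested` under `base_dir`, or raise.

    Checks are ordered so that cheap lexical rejections happen before the
    filesystem is consulted:
      1. Percent-decode once so "%2e%2e" is seen as "..".
      2. Reject NUL bytes, which can truncate the path in native code.
      3. Treat backslashes as separators so "..\\" cannot slip through.
      4. Reject absolute paths; client input is always relative to base_dir.
      5. Reject any ".." segment lexically.
      6. Resolve symlinks for both base and candidate and confirm the
         candidate is still contained in the base.
    """
    decoded = unquote(requested)
    if "\0" in decoded:
        raise PathTraversalError("NUL byte in path")
    decoded = decoded.replace("\\", "/")
    rel = PurePosixPath(decoded)
    if rel.is_absolute():
        raise PathTraversalError(f"absolute path not allowed: {requested!r}")
    if any(part == ".." for part in rel.parts):
        raise PathTraversalError(f"parent reference not allowed: {requested!r}")
    base = Path(base_dir).resolve()
    candidate = (base / rel).resolve()  # follows symlinks; strict=False is the default
    try:
        candidate.relative_to(base)
    except ValueError:
        raise PathTraversalError(f"resolved outside base: {requested!r}") from None
    return str(candidate)


def classify_one(base_dir: str, requested: str) -> str:
    """Map one request string to 'allowed' or 'rejected'."""
    try:
        safe_join(base_dir, requested)
        return "allowed"
    except PathTraversalError:
        return "rejected"


def demo() -> dict:
    """Build a constructed sandbox and return the verdict for sample requests.

    Layout (all constructed):
        <tmp>/secret.txt              file outside the served directory
        <tmp>/public/index.html       legitimate served file
        <tmp>/public/escape -> ../secret.txt   symlink that leaves the base
    """
    root = Path(tempfile.mkdtemp(prefix="cwe22-demo-"))
    try:
        base = root / "public"
        base.mkdir()
        (base / "index.html").write_text("<h1>constructed content</h1>")
        (root / "secret.txt").write_text("constructed secret")
        requests = [
            "index.html",                # plain, inside base
            "./index.html",              # harmless current-dir prefix
            "../secret.txt",             # classic traversal
            "%2e%2e/secret.txt",         # percent-encoded dots
            "/etc/passwd",               # absolute path
            "sub\\..\\..\\secret.txt",   # backslash separators
            "index.html\0.jpg",          # NUL-byte truncation attempt
        ]
        try:
            (base / "escape").symlink_to("../secret.txt")
            requests.append("escape")    # symlink pointing outside base
        except OSError:
            pass  # platforms that refuse symlink creation simply skip this case
        return {r: classify_one(str(base), r) for r in requests}
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for request, verdict in demo().items():
        print(f"{verdict:8s} {request!r}")
```

Note that the final containment test compares two resolved paths rather than string prefixes: a prefix check on the unresolved path would accept `escape`, because lexically it sits under `public/`, while `resolve()` reveals that it points at `secret.txt` outside the base. The same two-step pattern (lexical rejection, then canonical containment) is what the CWE-22 control in this entry describes.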