Cyber Resilience

CVE-2022-45783

Medium

Published: 01 February 2023

Modified: 27 March 2025
CVSS v3.1 base score: 6.5 (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)
EPSS score: 0.0024 (48.0th percentile)
Risk priority: 13 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-45783 is a medium-severity path traversal (CWE-22) vulnerability in dotCMS core. Its CVSS v3.1 base score is 6.5 (Medium).

Operationally, its EPSS score places it at the 48.0th percentile for exploit likelihood (just below the median), and it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2022-45783 is an authenticated directory traversal vulnerability (CWE-22) in the dotCMS API, affecting dotCMS core 4.x through 22.10.2, that can lead to remote code execution. NVD scores it CVSS 3.1 6.5 with a local attack vector (AV:L), high privileges required (PR:H) and user interaction required (UI:R), but high impact on confidentiality, integrity and availability. A local attack vector sits uneasily beside an RCE reached through a web API; treat the advisory's description, rather than the base score, as the guide to exposure.

An attacker who already holds a valid high-privileged account on an affected dotCMS instance can abuse the traversal condition in the API to reach files outside the directory the endpoint is meant to serve and, per the advisory, turn that into remote code execution on the server.

dotCMS has published security advisory SI-67 for this issue at https://www.dotcms.com/security/SI-67.

The EPSS score for this CVE rose materially from a low baseline to a peak of 0.1869 on 2025-12-11 before receding to the current 0.0024, which suggests a burst of exploitation interest well after public disclosure rather than sustained targeting.


Vulnerability details

An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution.

CWE(s)

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Related Threats

No named threat actor has been attributed to this CVE, and ATT&CK technique mapping for it is still in progress.

Affected Assets

Vendor: dotcms
Product: dotcms
Versions: 4.0.0 through 22.10.1 (the NVD description says 4.x through 22.10.2; confirm the fixed version against advisory SI-67 before closing a finding)

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the entry below is derived from the weakness type (CWE-22) cited in the NVD entry.

Addresses CWE-22: validate pathnames and filenames so that the resolved path cannot traverse outside the intended directory. Decode the request path before checking it, resolve symlinks, and compare the canonical result against the base directory with a separator boundary, not a bare string prefix.

References

dotCMS security advisory SI-67: https://www.dotcms.com/security/SI-67