Cyber Resilience

CVE-2022-50931

High · Public PoC · LPE

Published: 13 January 2026
Modified: 02 February 2026
KEV Added
Patch
CVSS Score v4: 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0019 (9.2th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2022-50931 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in TeamSpeak. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Executable Installer File Permissions Weakness (T1574.005). The CVE ranks at the 9.2th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-5 (Access Restrictions for Change).

Deeper analysis

CVE-2022-50931 is an insecure file permissions vulnerability (CWE-732) in TeamSpeak 3.5.6 that enables local attackers to replace executable files with malicious binaries. The issue affects critical system executables, such as ts3client_win32.exe, due to overly permissive access controls. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact with low attack complexity and low privileges required.

Local attackers with low-level privileges on the system can exploit this vulnerability by overwriting protected executables with custom malicious files. Successful exploitation allows elevation to SYSTEM or Administrator-level access, enabling full control over the compromised host through arbitrary code execution.

Advisories and potential patches are detailed in resources including the VulnCheck advisory at https://www.vulncheck.com/advisories/teamspeak-insecure-file-permissions, TeamSpeak's official site at https://www.teamspeak.com, and downloads page at https://www.teamspeak.com/en/downloads. A proof-of-concept exploit is available at https://www.exploit-db.com/exploits/50743.

Vulnerability details

TeamSpeak 3.5.6 contains an insecure file permissions vulnerability that allows local attackers to replace executable files with malicious binaries. Attackers can replace system executables like ts3client_win32.exe with custom files to potentially gain SYSTEM or Administrator-level access.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1574.005 Executable Installer File Permissions Weakness · Stealth
Adversaries may execute their own malicious payloads by hijacking the binaries used by an installer.

T1068 Exploitation for Privilege Escalation · Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Insecure file permissions (CWE-732) on critical executables directly enable binary replacement for execution hijacking and local privilege escalation to SYSTEM.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-33430 · Shared CWE-732
CVE-2025-21325 · Shared CWE-732
CVE-2025-12985 · Shared CWE-732
CVE-2026-25112 · Shared CWE-732
CVE-2025-22454 · Shared CWE-732
CVE-2026-8110 · Shared CWE-732
CVE-2024-55411 · Shared CWE-732
CVE-2024-11497 · Shared CWE-732
CVE-2026-24834 · Shared CWE-732
CVE-2026-41217 · Shared CWE-732

Affected Assets

Vendor: teamspeak · Product: teamspeak · Version: 3.5.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly protects the integrity of executable programs like ts3client_win32.exe from unauthorized modification by local attackers exploiting insecure file permissions.

prevent

Enforces approved access control policies on system resources, including restrictive file permissions that prevent low-privilege local users from overwriting critical executables.

prevent

Restricts and authorizes physical and logical access associated with changes to system components, mitigating the ability of local attackers to replace executables due to permissive permissions.
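
To verify that restrictive permissions are actually in place on executables such as ts3client_win32.exe, a defender can audit the install directory's ACLs. The PowerShell script below is an added example, not code from the advisory or from TeamSpeak; the `$InstallDir` parameter, the list of broad SIDs and the write-rights mask are assumptions of this example.

```powershell
# Added example (not from the advisory): list executables, DLLs and folders under an
# install directory that broad, low-privilege groups are allowed to modify.
param(
    # Assumption: the operator supplies the install path; the page does not state it.
    [Parameter(Mandatory)][string]$InstallDir
)

# Well-known SIDs that cover ordinary local users (selection is this example's choice).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that permit replacing a file, adding one to a folder, or rewriting the ACL.
$rights = 'WriteData, AppendData, DeleteSubdirectoriesAndFiles, Delete, ChangePermissions, TakeOwnership'
$writeMask = [int][System.Security.AccessControl.FileSystemRights]$rights
# ACEs can also carry raw generic bits: GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000).
$writeMask = $writeMask -bor 0x10000000 -bor 0x40000000

# The directory itself, every subfolder, and every .exe/.dll beneath it.
$items = @(Get-Item -LiteralPath $InstallDir) + @(
    Get-ChildItem -LiteralPath $InstallDir -Recurse -Force |
        Where-Object { $_.PSIsContainer -or $_.Extension -in '.exe', '.dll' })

$sidType = [System.Security.Principal.SecurityIdentifier]
$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        # Inherit-only ACEs affect children, not this object; children are checked themselves.
        $applies = $ace.PropagationFlags -notmatch 'InheritOnly'
        if ($ace.AccessControlType -eq 'Allow' -and $applies -and
            $broadSids.ContainsKey($sid) -and ([int]$ace.FileSystemRights -band $writeMask)) {
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $broadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings | Sort-Object Path | Format-Table -AutoSize -Wrap
if ($findings) { exit 1 }   # non-zero exit lets a scheduled compliance job flag the host
```

An empty result means none of the listed groups holds write-class access under that path; any row returned identifies an object whose ACL should be tightened to administrators and the installer account only.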
