Cyber Resilience

CVE-2023-22457

Severity: Critical · Public PoC referenced

Published: 04 January 2023
Modified: 21 November 2024
KEV Added: not listed
Patch: available (CKEditor Integration 1.64.3; bundled copy fixed from XWiki 14.6 RC1)
CVSS Score v3.1: 9.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0113 (78.7th percentile)
Risk Priority: 19 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-22457 is a critical-severity cross-site request forgery (CWE-352) vulnerability in the XWiki CKEditor Integration. Its CVSS v3.1 base score is 9.0 (Critical).

Operationally, it ranks in the top 21.3% of CVEs by predicted exploit likelihood (EPSS 78.7th percentile); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

The vulnerability is a cross-site request forgery flaw (CWE-352) in the CKEditor Integration UI component for XWiki. Before version 1.64.3, the CKEditor.HTMLConverter document performed no CSRF check, so a request to it executes macros with the rights of whoever is currently logged in. The affected code ships both in the standalone CKEditor Integration application and in the copy bundled with XWiki releases before 14.6 RC1.

An attacker who can get a user holding programming rights to issue a crafted GET request to that document, for example through an image tag embedded in a comment or through a redirect, can have arbitrary macros executed with that user's rights. Successful exploitation yields remote code execution, privilege escalation, disclosure of private content, or denial of service against the wiki instance. The victim must be logged in and must load or follow attacker-controlled content; with the image vector it is enough that the comment is rendered in the victim's browser, no click required. No further preconditions apply.

The advisories and the associated patches state that the issue is fixed in CKEditor Integration 1.64.3 and in the CKEditor integration shipped with XWiki 14.6 RC1; the referenced commits and GitHub Security Advisory GHSA-6mjp-2rm6-9g85 confirm that upgrading the integration is the only recommended mitigation, with no configuration workaround available.
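The following is an added example, not code from XWiki or from the CKEditor Integration project, that models the weakness and its fix in plain Python: a handler that executes a macro on any authenticated GET (the pre-1.64.3 pattern described above) next to a hardened handler that applies the synchronizer-token pattern. The session store, the `macro` and `form_token` parameter names, the `Session`/`Request` classes and the macro strings are all assumptions made for the illustration and do not reproduce the real `CKEditor.HTMLConverter` page.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    """Server-side session; the anti-CSRF token is minted once per session (assumed design)."""
    user: str
    has_programming_rights: bool
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    method: str
    params: dict
    session: Session
    # Value of the browser's Sec-Fetch-Site header: "same-origin" for a form or
    # image on the wiki itself, "cross-site" for a redirect that started on
    # another site, "none" for a URL the user typed.
    sec_fetch_site: str = "none"


EXECUTED = []  # audit trail of (user, macro) for the demo


def run_macro(user, macro):
    """Stand-in for macro execution with the user's rights."""
    EXECUTED.append((user, macro))
    return f"executed {macro} as {user}"


def vulnerable_converter(req):
    """Pre-1.64.3 pattern: an authenticated GET with the right parameter is
    enough. The browser attaches the session cookie automatically, so any page
    the victim renders can trigger it."""
    if not req.session.has_programming_rights:
        return 403, "forbidden"
    macro = req.params.get("macro")
    if macro is None:
        return 400, "missing macro"
    return 200, run_macro(req.session.user, macro)


def hardened_converter(req):
    """Synchronizer-token pattern. Every rejection happens before any work."""
    if req.method != "POST":
        return 405, "method not allowed"            # <img> and redirects can only GET
    supplied = req.params.get("form_token", "")
    if not hmac.compare_digest(supplied.encode(), req.session.csrf_token.encode()):
        return 403, "invalid csrf token"            # attacker cannot read the token
    if req.sec_fetch_site not in ("same-origin", "none"):
        return 403, "cross-site request rejected"   # defence in depth only
    if not req.session.has_programming_rights:
        return 403, "forbidden"
    macro = req.params.get("macro")
    if macro is None:
        return 400, "missing macro"
    return 200, run_macro(req.session.user, macro)


def demo():
    """Run constructed forged and legitimate requests through both handlers."""
    admin = Session(user="admin", has_programming_rights=True)
    # Forged GET: what the victim's browser issues because an attacker put
    # <img src=".../HTMLConverter?macro=..."> in a comment on the same wiki.
    forged = Request("GET", {"macro": "{{groovy}}...{{/groovy}}"}, admin, "same-origin")
    # Forged POST from an auto-submitting form on the attacker's site; still no token.
    forged_post = Request("POST", dict(forged.params), admin, "cross-site")
    # Legitimate editor call carrying the token the server issued to this session.
    legit = Request("POST", {"macro": "{{info}}hello{{/info}}",
                             "form_token": admin.csrf_token}, admin, "same-origin")
    return {
        "vulnerable_forged": vulnerable_converter(forged),
        "hardened_forged": hardened_converter(forged),
        "hardened_forged_post": hardened_converter(forged_post),
        "hardened_legit": hardened_converter(legit),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22} -> {result}")
```

Two design points worth noting. The comment vector is same-origin from the browser's point of view, so a `Sec-Fetch-Site` check on its own would not stop it; the per-session token that the attacker cannot read is the control that matters, and refusing GET for the action closes the image and redirect vectors outright. In XWiki pages the equivalent check is normally written against the platform's CSRF token script service (`$services.csrf`) rather than hand-rolled as above.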

EPSS for this CVE rose from a low baseline to a peak of 0.0689 on 2025-12-11 before falling back to the current value of 0.0113, indicating that the modelled likelihood of exploitation increased well after the original disclosure and has since declined.


Vulnerability details

CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to version 1.64.3, the `CKEditor.HTMLConverter` document lacked a protection against Cross-Site Request Forgery (CSRF), allowing execution of macros with the rights of the current user. If a privileged user with programming rights was tricked into executing a GET request to this document with certain parameters (e.g., via an image with a corresponding URL embedded in a comment or via a redirect), this would allow arbitrary remote code execution and the attacker could gain rights, access private information or impact the availability of the wiki. The issue has been patched in the CKEditor Integration version 1.64.3. This has also been patched in the version of the CKEditor integration that is bundled starting with XWiki 14.6 RC1. There are no known workarounds for this other than upgrading the CKEditor integration to a fixed version.

CWE(s)

CWE-352: Cross-Site Request Forgery (CSRF)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

xwiki: ckeditor integration, versions before 1.64.3 (fixed in 1.64.3)
xwiki: bundled CKEditor integration in XWiki releases before 14.6 RC1

Mitigating Controls

Likely Mitigating Controls (AI-generated)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness type (CWE-352) cited in the NVD entry.

- Awareness training: educates users on avoiding untrusted links and actions that can be exploited via CSRF. Note that the image-in-a-comment vector described above fires when the comment is merely rendered, with no click, so training alone does not prevent it. (addresses CWE-352)
- Re-authentication for sensitive actions: requiring the user to re-enter credentials before a privileged action prevents forged requests from completing without active user participation. (addresses CWE-352)
- Security testing: test regimens explicitly include checks for missing or ineffective anti-CSRF protections in web applications, such as token validation and rejection of state-changing GET requests. (addresses CWE-352)
- Anomaly detection: detects request patterns consistent with cross-site request forgery. (addresses CWE-352)
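As an added example of the detection control above (not code from the page, from XWiki or from any vendor), the script below runs over constructed web-server access log lines and flags requests to the converter document that match the two vectors described in this advisory: an authenticated GET fetched as an image, and a request whose fetch context is cross-site. It assumes the document is logged under the path `/xwiki/bin/get/CKEditor/HTMLConverter` (XWiki's usual `/bin/<action>/<Space>/<Page>` layout), that the wiki is served from `wiki.example.com`, and that the reverse proxy appends the request's `Sec-Fetch-Site` and `Sec-Fetch-Dest` headers as two extra quoted fields after the user agent. Real deployments must substitute their own path and log format; the sample lines are made up.

```python
import re
from urllib.parse import urlsplit

CONVERTER_PATH = "/xwiki/bin/get/CKEditor/HTMLConverter"   # assumed logged path
WIKI_HOST = "wiki.example.com"                              # assumed wiki host

# Combined log format plus two quoted fields appended by the proxy (assumed):
# the request's Sec-Fetch-Site and Sec-Fetch-Dest headers.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)" '
    r'"(?P<fetch_site>[^"]*)" "(?P<fetch_dest>[^"]*)"$'
)

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - alice [05/Feb/2025:10:01:02 +0000] "POST /xwiki/bin/get/CKEditor/HTMLConverter HTTP/1.1" 200 812 "https://wiki.example.com/xwiki/bin/edit/Main/WebHome" "Mozilla/5.0" "same-origin" "empty"
10.0.0.7 - admin [05/Feb/2025:10:02:14 +0000] "GET /xwiki/bin/get/CKEditor/HTMLConverter HTTP/1.1" 200 95 "https://wiki.example.com/xwiki/bin/view/Main/WebHome" "Mozilla/5.0" "same-origin" "image"
203.0.113.9 - - [05/Feb/2025:10:03:00 +0000] "GET /xwiki/bin/get/CKEditor/HTMLConverter HTTP/1.1" 401 0 "-" "curl/8.4.0" "none" "empty"
10.0.0.8 - admin [05/Feb/2025:10:04:30 +0000] "GET /xwiki/bin/get/CKEditor/HTMLConverter HTTP/1.1" 200 95 "https://attacker.example/lure" "Mozilla/5.0" "cross-site" "document"
10.0.0.9 - bob [05/Feb/2025:10:05:00 +0000] "GET /xwiki/bin/view/Main/WebHome HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "none" "document"
"""


def parse(line):
    """Return the line's fields as a dict, or None if it does not match the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(rec):
    """Return a reason string if the record looks like a forged converter
    request, else None."""
    if rec["path"].split("?", 1)[0] != CONVERTER_PATH:
        return None
    if rec["user"] == "-":
        return None      # no session to ride on; ordinary scanner noise
    if rec["method"] == "GET" and rec["fetch_dest"] == "image":
        # The <img>-in-a-comment vector is same-origin, so only the
        # destination type gives it away.
        return "converter fetched as an image by an authenticated user"
    if rec["fetch_site"] == "cross-site":
        return "cross-site request to converter (redirect or foreign form)"
    host = urlsplit(rec["referer"]).hostname
    if rec["method"] == "GET" and host and host != WIKI_HOST:
        # Fallback for clients that send a Referer but no Sec-Fetch headers.
        return f"converter GET referred from foreign host {host}"
    return None


def findings(log_text):
    """Parse every line and collect the suspicious ones in log order."""
    out = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        reason = classify(rec)
        if reason:
            out.append({"ip": rec["ip"], "user": rec["user"],
                        "ts": rec["ts"], "reason": reason})
    return out


if __name__ == "__main__":
    for f in findings(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['user']}: {f['reason']}")
```

On the sample input the editor's own POST and the unauthenticated scanner hit are ignored and the two forged requests are reported. Browsers only send the `Sec-Fetch-*` headers on modern versions, so the Referer fallback is kept for older clients; on a patched instance the same rule set doubles as a check that the GET vector is actually gone, since the hardened document should answer such requests with an error status rather than 200.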
