Cyber Posture

CVE-2025-22137

Severity: Critical
Published: 08 January 2025
Modified: 15 April 2026
KEV Added: none (not listed)
Patch: available (version 1.4.0)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0018 (39.7th percentile)
Risk Priority: 20 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-22137 is a critical-severity Improper Input Validation (CWE-20) vulnerability. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 39.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- prevent: Directly addresses the improper input validation (CWE-20) that lets arbitrary file paths in HTTP POST requests overwrite server files.
- prevent: Enforces logical access controls that restrict file write operations to authorized locations only, preventing arbitrary overwrites of sensitive system files.
- prevent: Restricts the types, sources, and handling of uploaded files to block dangerous file types and unauthorized paths (CWE-434) in anonymous or authenticated shares.
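The second control above (restricting writes to authorized locations) is the one most directly expressible in code. The following is an added example, not Pingvin Share's own code or its fix; TypeScript is used because the project is written in it. The upload root `/srv/uploads`, the function names and the constructed inputs are all assumptions. It shows the defect class the advisory describes, a path built from an unchecked request-supplied name, next to a hardened version that validates each component and then verifies the resolved path is still inside the upload directory.

```typescript
// Added example, not Pingvin Share's own code: a path-containment check for
// user-controlled file names before the server writes an uploaded file.
import * as path from "node:path";

// Hypothetical upload root; a real deployment would read this from config.
export const UPLOAD_ROOT: string = path.resolve("/srv/uploads");

// Allowed shape of a single path component: no separators, no leading dot,
// bounded length. This rules out "..", "." and anything containing "/" or "\".
const SAFE_COMPONENT = /^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/;

// Returns the absolute path to write to, or null if the request must be
// rejected. Two independent checks are applied: a syntactic one per component
// and a containment check on the resolved path, so loosening the regex later
// still cannot let a write escape the upload root.
export function safeUploadPath(root: string, shareId: string, fileName: string): string | null {
  for (const part of [shareId, fileName]) {
    if (!SAFE_COMPONENT.test(part)) return null;
  }
  const absRoot = path.resolve(root);
  const target = path.resolve(absRoot, shareId, fileName);
  const rel = path.relative(absRoot, target);
  // rel is "" for the root itself, begins with ".." when target lies outside,
  // and is absolute when it crosses to another drive on Windows.
  if (rel === "" || rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    return null;
  }
  return target;
}

// Naive form for contrast (the CWE-20 pattern): path.join normalises ".."
// segments instead of rejecting them, so an unchecked name can resolve to a
// location outside the root.
export function naiveUploadPath(root: string, shareId: string, fileName: string): string {
  return path.join(root, shareId, fileName);
}

// Constructed inputs showing the difference between the two forms.
export function demo(): { safe: string | null; rejected: string | null; naive: string } {
  return {
    safe: safeUploadPath(UPLOAD_ROOT, "abc123", "report.pdf"),
    rejected: safeUploadPath(UPLOAD_ROOT, "abc123", "../../config.json"),
    naive: naiveUploadPath(UPLOAD_ROOT, "abc123", "../../config.json"),
  };
}
```

`naiveUploadPath` with the traversal name quietly yields a path under `/srv`, while `safeUploadPath` returns `null` for the same input and for a `..` share id. The containment check with `path.relative` is the part to keep even if the component regex is relaxed for a product that must accept arbitrary user file names; for the CWE-434 side, storing each upload under a server-generated name and keeping the original name only as metadata removes most of the file-type handling risk.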

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Direct remote exploitation of a public-facing web app via arbitrary file overwrite due to missing input validation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issue has been patched in version 1.4.0.

Deeper analysis

CVE-2025-22137 is a critical vulnerability in Pingvin Share, a self-hosted file sharing platform designed as an alternative to WeTransfer. The flaw enables arbitrary file overwrites on the server, including sensitive system files, through HTTP POST requests due to improper input validation (CWE-20) and unrestricted handling of dangerous file types (CWE-434). It affects versions of Pingvin Share prior to 1.4.0 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

The vulnerability is exploitable remotely over the network with low attack complexity and no user interaction. Both authenticated users and, where anonymous shares are permitted, unauthenticated users can reach it without privileges, and a successful file overwrite has high impact on confidentiality, integrity, and availability of the server.

The vulnerability has been patched in Pingvin Share version 1.4.0. Mitigation involves upgrading to this version or later, as detailed in the GitHub security advisory (GHSA-rjwx-p44f-mcrv) and the associated fix commits.

Details

CWE(s): CWE-20 (Improper Input Validation), CWE-434 (Unrestricted Upload of File with Dangerous Type)

CVEs Like This One

- CVE-2025-68398 (shared: CWE-20, CWE-434)
- CVE-2026-2113 (shared: CWE-20, CWE-434)
- CVE-2025-34299 (shared: CWE-434)
- CVE-2026-20856 (shared: CWE-20)
- CVE-2025-1736 (shared: CWE-20)
- CVE-2025-67484 (shared: CWE-20)
- CVE-2025-15158 (shared: CWE-434)
- CVE-2026-2880 (shared: CWE-20)
- CVE-2025-13156 (shared: CWE-434)
- CVE-2026-1358 (shared: CWE-434)
