CVE-2022-25152

HIGH Year: 2022
CVSS v3 Score
8.8
High
CVSS v2 Score
9.0
Critical
Weakness Type
CWE-358
View all →

Vulnerability Description

The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory approval process. Due to a vulnerability in the approval process, present in any version prior to 6.35.37347.20040, a malicious actor (with a valid session token) can create a procedure, bypass approval, and execute the procedure. This results in the ability for any user with a valid session token to perform arbitrary code execution and full system take-over on all agents.

Related Vulnerabilities

CVE-2016-10834

HIGH
CVSS:8.8(High)

cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).

CWE-3582016

CVE-2024-6101

HIGH
CVSS:8.8(High)

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

CWE-3582024

CVE-2024-6995

HIGH
CVSS:8.8(High)

Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of ...

CWE-3582024

CVE-2025-3069

HIGH
CVSS:8.8(High)

Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Mediu...

CWE-3582025

CVE-2023-39403

CRITICAL
CVSS:9.1(Critical)

Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization.

CWE-3582023

CVE-2016-10825

HIGH
CVSS:8.1(High)

cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92).

CWE-3582016