{"vulnerability": "CVE-2022-2532", "sightings": [{"uuid": "f53240bb-f5c1-4466-8b21-3f821525fde8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25322", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-01-06)", "content": "", "creation_timestamp": "2025-01-06T00:00:00.000000Z"}, {"uuid": "3fa58b57-9091-47ec-b13c-c1a4aafbab75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25322", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-26)", "content": "", "creation_timestamp": "2025-01-26T00:00:00.000000Z"}, {"uuid": "878d96af-edd6-4b6e-a262-338d513622ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25322", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-18)", "content": "", "creation_timestamp": "2025-03-18T00:00:00.000000Z"}, {"uuid": "ec027de3-6331-4ed6-8a3f-b917fe3debd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25322", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-20)", "content": "", "creation_timestamp": "2025-02-20T00:00:00.000000Z"}, {"uuid": "0732a007-9abb-4269-b39a-21805b3f1d58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25322", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-13)", "content": "", "creation_timestamp": "2025-03-13T00:00:00.000000Z"}, {"uuid": "7fdfa927-abce-4903-b330-aa919068a656", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25322", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-11)", "content": "", "creation_timestamp": "2025-06-11T00:00:00.000000Z"}, {"uuid": "38f76c60-f8d7-4ce1-b5ee-3c2d74a7046d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25322", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-05)", "content": "", "creation_timestamp": "2025-06-05T00:00:00.000000Z"}, {"uuid": "408f6dea-4c8c-4bfd-bd26-e4c70ec86894", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25322", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-25322.yaml", "content": "", "creation_timestamp": "2025-09-23T15:44:30.000000Z"}, {"uuid": "896895f9-2622-4504-86a0-6e15446a213d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25328", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12652", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-25328\n\ud83d\udd25 CVSS Score: 5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above\n\ud83d\udccf Published: 2022-02-25T11:00:15.758Z\n\ud83d\udccf Modified: 2025-04-21T13:56:13.459Z\n\ud83d\udd17 References:\n1. https://github.com/google/fscrypt/pull/346", "creation_timestamp": "2025-04-21T14:02:09.000000Z"}, {"uuid": "fb0004a4-3687-4615-baa3-f4717f6b0306", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25327", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12651", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-25327\n\ud83d\udd25 CVSS Score: 5.5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or above\n\ud83d\udccf Published: 2022-02-25T11:00:14.437Z\n\ud83d\udccf Modified: 2025-04-21T13:56:22.478Z\n\ud83d\udd17 References:\n1. https://github.com/google/fscrypt/pull/346", "creation_timestamp": "2025-04-21T14:02:08.000000Z"}, {"uuid": "08aa7d74-2d76-47b1-903d-210254d784d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25326", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12650", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-25326\n\ud83d\udd25 CVSS Score: 5.5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable.\n\ud83d\udccf Published: 2022-02-25T11:00:13.023Z\n\ud83d\udccf Modified: 2025-04-21T13:56:31.289Z\n\ud83d\udd17 References:\n1. https://github.com/google/fscrypt/pull/346", "creation_timestamp": "2025-04-21T14:02:07.000000Z"}, {"uuid": "09602c6c-0f07-4c0f-bddd-ab53e18c6524", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25324", "type": "seen", "source": "https://t.me/cibsecurity/42159", "content": "\u203c CVE-2022-25324 \u203c\n\nAll versions of package bignum are vulnerable to Denial of Service (DoS) due to a type-check exception in V8, when verifying the type of the second argument to the .powm function, V8 will crash regardless of Node try/catch blocks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-07T00:23:01.000000Z"}, {"uuid": "2479af1a-41b1-4980-9443-e097bb3ee523", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25323", "type": "seen", "source": "https://t.me/cibsecurity/37730", "content": "\u203c CVE-2022-25323 \u203c\n\nZEROF Web Server 2.0 allows /admin.back XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-18T20:40:34.000000Z"}, {"uuid": "493a6d44-2292-48da-bad8-a3565d3ecb76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25326", "type": "seen", "source": "https://t.me/cibsecurity/38083", "content": "\u203c CVE-2022-25326 \u203c\n\nfscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T14:20:36.000000Z"}, {"uuid": "32deaacd-7049-4fb0-b37b-7e172ddee283", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25328", "type": "seen", "source": "https://t.me/cibsecurity/38079", "content": "\u203c CVE-2022-25328 \u203c\n\nThe bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T14:20:31.000000Z"}, {"uuid": "341fd1da-888e-4398-8003-3be2f1d5b159", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25327", "type": "seen", "source": "https://t.me/cibsecurity/38080", "content": "\u203c CVE-2022-25327 \u203c\n\nThe PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or above\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T14:20:32.000000Z"}, {"uuid": "91e5e129-a3d8-48c2-a6c5-85e310a19d08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25322", "type": "seen", "source": "https://t.me/cibsecurity/37716", "content": "\u203c CVE-2022-25322 \u203c\n\nZEROF Web Server 2.0 allows /HandleEvent SQL Injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-18T20:40:14.000000Z"}]}