{"vulnerability": "CVE-2022-3225", "sightings": [{"uuid": "a5281fc3-1428-4716-9cfe-82b39b4381e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32250", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/42463", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aReproduce CVE-2022-32250 and CVE-2025-21756 by tampering with modprobe_path and hijacking control flow, respectively.\nURL\uff1ahttps://github.com/KuanKuanQAQ/cve-testing\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-06-30T06:53:06.000000Z"}, {"uuid": "fafe369b-2249-4472-b466-f15b719217c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32250", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2655", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-32250 - Working Proof of Concept & Patch\nURL\uff1ahttps://github.com/0dayCTF/CVE-2022-32250_PoC\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-07-06T16:33:44.000000Z"}, {"uuid": "45958d71-3d5d-424b-afca-b8edde8923f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32250", "type": "published-proof-of-concept", "source": "https://t.me/cKure/10147", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Exploiting a limited UAF in nf_tables (CVE-2022-32250).\n\nhttps://research.nccgroup.com/2022/09/01/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022-32250/", "creation_timestamp": "2022-09-01T19:38:00.000000Z"}, {"uuid": "38786b4c-6e87-4313-a792-319040d9f86a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32250", "type": "published-proof-of-concept", "source": "https://t.me/cKure/10112", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Linux Kernel Exploit (CVE-2022-32250) with mqueue.\n\nhttps://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/", "creation_timestamp": "2022-08-25T07:50:17.000000Z"}, {"uuid": "116bf85f-89cc-41a5-ba80-038391911f43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32250", "type": "published-proof-of-concept", "source": "https://t.me/TopCyberTechNews/120", "content": "Top Security News for 02/09/2022\n\nChina-Linked APT40 Gang Targets Wind Farms, Australian Government\nhttps://packetstormsecurity.com/news/view/33791/China-Linked-APT40-Gang-Targets-Wind-Farms-Australian-Government.html \n\nApple releases security update for iPhones and iPads to address vulnerability\nhttps://www.malwarebytes.com/blog/news/2022/09/apple-releases-security-update-for-iphones-and-ipads-to-address-vulnerability \n\nResearchers analyzed a new JavaScript skimmer used by Magecart threat actors\nhttps://securityaffairs.co/wordpress/135177/cyber-crime/javascript-skimmer-magecart.html \n\nRemediant wants to move beyond PAM to secure enterprise networks\nhttps://www.csoonline.com/article/3672233/remediant-wants-to-move-beyond-pam-to-secure-enterprise-networks.html#tk.rss_all \n\nBrandPost: Getting to Know the CIS Benchmarks\nhttps://www.csoonline.com/article/3671351/getting-to-know-the-cis-benchmarks.html#tk.rss_all \n\nSource Code Management Attack Toolkit - Supports GitHub Enterprise, GitLab Enterprise, & Bitbucket Server\nhttps://www.reddit.com/r/netsec/comments/x3s1mm/source_code_management_attack_toolkit_supports/ \n\n2022-08-31 - IcedID (Bokbot) with Cobalt Strike\nhttps://malware.news/t/2022-08-31-icedid-bokbot-with-cobalt-strike/63079/1 \n\nSETTLERS OF NETLINK: Exploiting a limited Use After Free in nf_tables (CVE-2022-32250) against the latest Ubuntu (22.04) and Linux kernel 5.15 -\nhttps://www.reddit.com/r/netsec/comments/x32qyf/settlers_of_netlink_exploiting_a_limited_use/ \n\nUkrainian Video Game Studio Offers Fans Chance to Write Message on Artillery Shell\nhttps://www.vice.com/en_us/article/bvm7g4/ukrainian-video-game-studio-offers-fans-chance-to-write-message-on-artillery-shell \n\nISC Stormcast For Friday, September 2nd, 2022 https://isc.sans.edu/podcastdetail.html?id=8158, (Fri, Sep 2nd)\nhttps://isc.sans.edu/diary/rss/29008 \n\n    \nFollow Top Cyber News at https://t.me/TopCyberTechNews\nFeel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2022-09-02T07:00:09.000000Z"}, {"uuid": "ce416a85-cde0-49c2-932d-fba9b53ec888", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32250", "type": "seen", "source": "https://t.me/poxek/2378", "content": "#Linux #CVE\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u044f\u0434\u0440\u0430 Linux Privilege Escalation \nCVE-2022-32250\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 nft_expr_init (net/netfilter/nf_tables_api.c) \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 Netfilter \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e \u0443\u0440\u043e\u0432\u043d\u044f root", "creation_timestamp": "2022-08-27T09:00:04.000000Z"}, {"uuid": "e7bde25d-85e9-46da-ad4d-cd33cd65f3bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32250", "type": "seen", "source": "https://t.me/poxek/2423", "content": "#CVE\n\nExploit for Use After Free in Linux Linux Kernel\nCVE-2022-32250\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 nft_expr_init (net/netfilter/nf_tables_api.c) \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 Netfilter \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e \u0443\u0440\u043e\u0432\u043d\u044f root", "creation_timestamp": "2022-09-01T15:00:04.000000Z"}, {"uuid": "62b7bec8-72e8-4ae8-8aeb-d5eaa548e850", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32250", "type": "seen", "source": "Telegram/TXmZ8EBGvdc4uufvEqu6hfgyjEc7K_gjD1Jpp8Uzvu6-KK0", "content": "", "creation_timestamp": "2023-03-23T09:18:19.000000Z"}, {"uuid": "49e8df30-2eac-4852-850b-50c1b1ec2671", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32250", "type": "published-proof-of-concept", "source": "https://t.me/linkersec/188", "content": "SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250)\n\nA detailed write-up by Cedric Halbronn, Alex Plaskett, and Fidgeting Bits about exploiting a slab use-after-free bug in the netfilter subsystem.", "creation_timestamp": "2022-09-06T02:08:10.000000Z"}, {"uuid": "e17c29bf-e33b-48e2-90d0-78a779f2c2ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32250", "type": "published-proof-of-concept", "source": "Telegram/XY-c9YQXr7u9EVWhYCsexlHBnOI6HumSC95UKwi9WXg3Jw", "content": "", "creation_timestamp": "2023-10-24T19:33:26.000000Z"}, {"uuid": "a4c3e0de-cdb1-4eec-ab3c-bf0d948cf333", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32250", "type": "published-proof-of-concept", "source": "https://t.me/linkersec/200", "content": "Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg\n\nSergi Martinez published an article about exploiting CVE-2022-32250, a slab use-after-free in the netfilter subsystem. Unlike the existing public exploits for this bug, Sergi's exploit targets the kernel version 5.18.1, where both the vulnerable object and msg_msg are allocated in kmalloc-cg-* slab caches.", "creation_timestamp": "2022-12-23T17:04:51.000000Z"}, {"uuid": "dba8cc62-5c49-4a44-8395-9388a233cdaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32250", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/945", "content": "CVE-2022-32250\nLinux-Kernel-LPE\ndemo video here\nexploit\n\n#exploit #linux # lpe", "creation_timestamp": "2022-08-25T07:18:28.000000Z"}, {"uuid": "0d0b2846-6b76-4a5e-b8fe-0dfff7485b74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32250", "type": "published-proof-of-concept", "source": "Telegram/GRsRXaaGl3m37HQZ1Tz5o0jhpZFIOixO9MZcVEUvnNpfoxk", "content": "", "creation_timestamp": "2022-09-08T10:25:14.000000Z"}, {"uuid": "03a895f1-f636-432d-811c-0e7ec8fb4da4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3225", "type": "seen", "source": "https://t.me/cibsecurity/49929", "content": "\u203c CVE-2022-3225 \u203c\n\nImproper Access Control in GitHub repository budibase/budibase prior to 1.3.20.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-16T20:28:54.000000Z"}, {"uuid": "d1d9449c-8882-4a89-8c95-e1c268539f3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32250", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/491", "content": "\u200b\u200bCVE-2022-2639 & -/-/32250 : Linux kernel <= 5.13 openvswitch local privilege escalation Using pipe-primitive & Linux Kernel LPE <=5.18.1 - local user to escalate privileges to root\nRepo : https://github.com/veritas501/CVE-2022-2639-PipeVersion\nRepo : https://github.com/theori-io/CVE-2022-32250-exploit", "creation_timestamp": "2022-09-30T06:30:07.000000Z"}, {"uuid": "a271c9d0-2d24-479b-9e9e-451a1704268a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32257", "type": "seen", "source": "https://t.me/ctinow/205590", "content": "https://ift.tt/R8sb3eu\nCVE-2022-32257", "creation_timestamp": "2024-03-12T12:26:20.000000Z"}, {"uuid": "a8fb8a8a-0d9b-41e0-83e1-ed100fee90ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32250", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1895", "content": "\ud83d\udd25Linux Kernel: Exploiting a Netfilter UAF in kmalloc-cg\n\nWe describe a method to exploit a UAF in the Linux kernel when objects are allocated in a specific slab cache, namely the kmalloc-cg series of SLUB caches used for cgroups. This vulnerability is assigned CVE-2022-32250 and exists in Linux kernel versions 5.18.1 and prior.", "creation_timestamp": "2022-12-20T06:03:00.000000Z"}, {"uuid": "5b187f78-a12c-45da-9b27-6f87785b3257", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32257", "type": "seen", "source": "https://t.me/ctinow/205603", "content": "https://ift.tt/R8sb3eu\nCVE-2022-32257", "creation_timestamp": "2024-03-12T12:32:16.000000Z"}, {"uuid": "7cad6af3-5e99-4672-ad36-e270d946bad4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32250", "type": "seen", "source": "https://t.me/cibsecurity/43781", "content": "\u203c CVE-2022-32250 \u203c\n\nnet/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-03T00:25:55.000000Z"}, {"uuid": "29e39fb3-70fe-4c24-a59b-663c28591528", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32254", "type": "seen", "source": "https://t.me/cibsecurity/44362", "content": "\u203c CVE-2022-32254 \u203c\n\nA vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-14T14:18:53.000000Z"}, {"uuid": "505e222c-4c1a-4fc2-9350-2a4306f582f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32258", "type": "seen", "source": "https://t.me/cibsecurity/44365", "content": "\u203c CVE-2022-32258 \u203c\n\nA vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-14T14:18:56.000000Z"}, {"uuid": "b7cfdd8a-1e41-446b-bc45-da8eea3307aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32259", "type": "seen", "source": "https://t.me/cibsecurity/44368", "content": "\u203c CVE-2022-32259 \u203c\n\nA vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-14T14:19:03.000000Z"}, {"uuid": "ace4d677-27c8-406d-a72a-8fa704271fff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32256", "type": "seen", "source": "https://t.me/cibsecurity/44379", "content": "\u203c CVE-2022-32256 \u203c\n\nA vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-14T14:23:25.000000Z"}, {"uuid": "6d845282-cdc0-4593-b38d-62441b57cbc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32250", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6714", "content": "#exploit\n1. CVE-2022-26113:\nFortiClient Arbitrary File Write As SYSTEM\nhttps://rhinosecuritylabs.com/research/cve-2022-26113-forticlient-arbitrary-file-write-as-system\n\n2. CVE-2022-32250:\nLinux/Ubuntu Kernel LPE\nhttps://github.com/theori-io/CVE-2022-32250-exploit", "creation_timestamp": "2022-09-01T11:03:01.000000Z"}, {"uuid": "db4d61e9-d606-4597-8b54-30833b9ce118", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32250", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/3737", "content": "Linux Kernel Exploit (CVE-2022-32250) with mqueue.\n\nLink\n\nGithub \n\n#Exploit #linux\n\u2014\u2014\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2022-11-12T16:31:21.000000Z"}]}