{"vulnerability": "cve-2022-2536", "sightings": [{"uuid": "2a197790-b28a-46d4-9952-5b28c40be3eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25369", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-04)", "content": "", "creation_timestamp": "2025-06-04T00:00:00.000000Z"}, {"uuid": "daf076ef-6872-4111-a9ca-d9e9e48664e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25369", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-25)", "content": "", "creation_timestamp": "2025-07-25T00:00:00.000000Z"}, {"uuid": "e40117bb-915f-4adc-be87-4567be7c0140", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25369", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-17)", "content": "", "creation_timestamp": "2026-03-17T00:00:00.000000Z"}, {"uuid": "06c45225-9826-4efa-804d-e69a12b6055c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25366", "type": "seen", "source": "https://t.me/cibsecurity/37817", "content": "\u203c CVE-2022-25366 \u203c\n\nCryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious .dylib file that can be executed via the DYLD_INSERT_LIBRARIES environment variable.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-19T07:38:47.000000Z"}, {"uuid": "ab0c68ba-50dd-4194-bc16-1da02e7e2469", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25365", "type": "seen", "source": "https://t.me/cibsecurity/37814", "content": "\u203c CVE-2022-25365 \u203c\n\nDocker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-19T07:38:43.000000Z"}, {"uuid": "f2af91af-a6e4-4a12-923b-645e51f80cd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25369", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5488", "content": "#Cloud_Security\nCVE-2022-25369:\nLogic Flaw Leading to RCE in Dynamicweb 9.5.0 - 9.12.7\nhttps://blog.assetnote.io/2022/02/20/logicflaw-dynamicweb-rce", "creation_timestamp": "2022-02-25T11:05:15.000000Z"}, {"uuid": "5932124d-1906-4ff5-868b-14bf573b065d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25369", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-06)", "content": "", "creation_timestamp": "2025-06-06T00:00:00.000000Z"}, {"uuid": "74b4b84d-0c6f-4a54-963d-daebb9ce55ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25369", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-07)", "content": "", "creation_timestamp": "2026-01-07T00:00:00.000000Z"}, {"uuid": "14a3df2f-61a4-4bde-bc5f-9a450c8cd83e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25369", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3md4i7dgc7o2r", "content": "", "creation_timestamp": "2026-01-23T19:55:39.270815Z"}, {"uuid": "ffd51b62-71a2-4015-b9be-f3c89dacc689", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25369", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-10)", "content": "", "creation_timestamp": "2026-04-10T00:00:00.000000Z"}, {"uuid": "dcaa17b0-efb5-4429-88cf-eb3893746011", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25361", "type": "seen", "source": "https://t.me/cibsecurity/43927", "content": "\u203c CVE-2022-25361 \u203c\n\nWatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary files from a limited set of directories on the system. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-07T18:31:00.000000Z"}, {"uuid": "aebb84d7-0a6a-403c-81e0-9fa73b7090d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25364", "type": "seen", "source": "https://t.me/cibsecurity/39152", "content": "\u203c CVE-2022-25364 \u203c\n\nIn Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as part of a build. As of 2021.4.2, the built-in build cache is inaccessible-by-default, requiring explicit configuration of its access-control settings before it can be used. (Remote build cache nodes are unaffected as they are inaccessible-by-default.)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-17T19:26:40.000000Z"}, {"uuid": "5075d8d3-21c3-4354-b90c-7320fea17726", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25360", "type": "seen", "source": "https://t.me/cibsecurity/38006", "content": "\u203c CVE-2022-25360 \u203c\n\nWatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-24T18:15:02.000000Z"}, {"uuid": "122006d2-5e5a-42fc-9a82-1b0cb984ce5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-25365", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7698", "content": "#exploit\n1. CVE-2022-25365:\nBreaking Docker Named Pipes SYSTEMatically/\nFull Privilege Escalation\nhttps://www.cyberark.com/resources/threat-research-blog/breaking-docker-named-pipes-systematically-docker-desktop-privilege-escalation-part-1\n\n2. CVE-2023-0045:\nBypassing Spectre-BTI User Space Mitigations on Linux\nhttps://github.com/es0j/CVE-2023-0045", "creation_timestamp": "2023-02-06T11:00:48.000000Z"}]}