Medium severity5.3NVD Advisory· Published Feb 18, 2022· Updated Jun 17, 2026
CVE-2022-25336
CVE-2022-25336
Description
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ezsystems/ezplatform-kernelPackagist | >= 1.3.0, < 1.3.12 | 1.3.12 |
Affected products
2- Ibexa DXP/ezpublish-kerneldescription
Patches
Vulnerability mechanics
References
3- developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitizationnvdMitigationVendor AdvisoryWEB
- github.com/advisories/GHSA-x8xx-x82q-42q3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-25336ghsaADVISORY
News mentions
0No linked articles in our index yet.