Critical severity9.8NVD Advisory· Published Feb 18, 2022· Updated Jun 17, 2026
CVE-2022-25337
CVE-2022-25337
Description
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ezsystems/ezpublish-kernelPackagist | >= 7.5.0, < 7.5.26 | 7.5.26 |
Affected products
2- Ibexa DXP/ezpublish-kerneldescription
Patches
Vulnerability mechanics
References
3- developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitizationnvdMitigationVendor AdvisoryWEB
- github.com/advisories/GHSA-xwv6-v7qx-f5jcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-25337ghsaADVISORY
News mentions
0No linked articles in our index yet.