Critical severity9.8NVD Advisory· Published Jan 23, 2026· Updated Apr 15, 2026
CVE-2022-25369
CVE-2022-25369
Description
An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a logic issue when determining if the setup phases of the product can be run again. Once an attacker is authenticated as the new admin user they have added, it is possible to upload an executable file and achieve command execution. This is fixed in 9.5.9, 9.6.16, 9.7.8, 9.8.11, 9.9.8, 9.10.18, 9.12.8, and 9.13.0 (and later).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <9.12.8
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.