CVE-2022-25377 - Vulnerability Details - OpenCVE

The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APP_STORAGE_CERTIFICATES/.well-known/acme-challenge must exist on disk. (This pathname is automatically created if the user chooses to install Let's Encrypt certificates via Appwrite.)

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Appwrite	Appwrite

Configuration 1 [-]

cpe:2.3:a:appwrite:appwrite:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://dubell.io/unauthenticated-lfi-in-appwrite-0.5.0-0.12.1/
https://github.com/appwrite/appwrite/blob/0.12.0/app/controllers/general.php#L539
https://github.com/appwrite/appwrite/pull/2780
https://github.com/appwrite/appwrite/releases/tag/0.12.2

History

Thu, 03 Apr 2025 13:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Appwrite Appwrite appwrite
CPEs		cpe:2.3:a:appwrite:appwrite::::::::
Vendors & Products		Appwrite Appwrite appwrite

Wed, 21 Aug 2024 19:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-22
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-02-22T00:00:00

Updated: 2024-08-21T17:46:27.441Z

Reserved: 2022-02-20T00:00:00

Link: CVE-2022-25377

Vulnrichment

Updated: 2024-08-03T04:36:06.926Z

NVD

Status : Analyzed

Published: 2024-02-22T22:15:47.170

Modified: 2025-04-03T13:17:44.300

Link: CVE-2022-25377

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-25377", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-21T17:46:27.441Z", "dateReserved": "2022-02-20T00:00:00", "datePublished": "2024-02-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-22T21:43:34.974580"}, "descriptions": [{"lang": "en", "value": "The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APP_STORAGE_CERTIFICATES/.well-known/acme-challenge must exist on disk. (This pathname is automatically created if the user chooses to install Let's Encrypt certificates via Appwrite.)"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/appwrite/appwrite/blob/0.12.0/app/controllers/general.php#L539"}, {"url": "https://github.com/appwrite/appwrite/releases/tag/0.12.2"}, {"url": "https://github.com/appwrite/appwrite/pull/2780"}, {"url": "https://dubell.io/unauthenticated-lfi-in-appwrite-0.5.0-0.12.1/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:36:06.926Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/appwrite/appwrite/blob/0.12.0/app/controllers/general.php#L539", "tags": ["x_transferred"]}, {"url": "https://github.com/appwrite/appwrite/releases/tag/0.12.2", "tags": ["x_transferred"]}, {"url": "https://github.com/appwrite/appwrite/pull/2780", "tags": ["x_transferred"]}, {"url": "https://dubell.io/unauthenticated-lfi-in-appwrite-0.5.0-0.12.1/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "affected": [{"vendor": "appwrite", "product": "appwrite", "cpes": ["cpe:2.3:a:appwrite:appwrite:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0.5.0", "status": "affected", "lessThan": "0.12.2", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-21T14:55:02.173775Z", "id": "CVE-2022-25377", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T17:46:27.441Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/appwrite/appwrite/blob/0.12.0/app/controllers/general.php#L539", "tags": ["x_transferred"]}, {"url": "https://github.com/appwrite/appwrite/releases/tag/0.12.2", "tags": ["x_transferred"]}, {"url": "https://github.com/appwrite/appwrite/pull/2780", "tags": ["x_transferred"]}, {"url": "https://dubell.io/unauthenticated-lfi-in-appwrite-0.5.0-0.12.1/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:36:06.926Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-25377", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-21T14:55:02.173775Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:appwrite:appwrite:*:*:*:*:*:*:*:*"], "vendor": "appwrite", "product": "appwrite", "versions": [{"status": "affected", "version": "0.5.0", "lessThan": "0.12.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T17:46:09.475Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/appwrite/appwrite/blob/0.12.0/app/controllers/general.php#L539"}, {"url": "https://github.com/appwrite/appwrite/releases/tag/0.12.2"}, {"url": "https://github.com/appwrite/appwrite/pull/2780"}, {"url": "https://dubell.io/unauthenticated-lfi-in-appwrite-0.5.0-0.12.1/"}], "descriptions": [{"lang": "en", "value": "The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APP_STORAGE_CERTIFICATES/.well-known/acme-challenge must exist on disk. (This pathname is automatically created if the user chooses to install Let's Encrypt certificates via Appwrite.)"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-22T21:43:34.974580"}}}, "cveMetadata": {"cveId": "CVE-2022-25377", "state": "PUBLISHED", "dateUpdated": "2024-08-21T17:46:27.441Z", "dateReserved": "2022-02-20T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-02-22T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:appwrite:appwrite:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5B08D8C-5305-4B0A-8CDF-644AE6D40485", "versionEndExcluding": "0.12.2", "versionStartIncluding": "0.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APP_STORAGE_CERTIFICATES/.well-known/acme-challenge must exist on disk. (This pathname is automatically created if the user chooses to install Let's Encrypt certificates via Appwrite.)"}, {"lang": "es", "value": "El endpoint del desaf\u00edo ACME en Appwrite v0.5.0 hasta v0.12.x anterior a v0.12.2 permite a atacantes remotos leer archivos locales de su elecci\u00f3n a trav\u00e9s del directory traversal ../. Para ser vulnerable, APP_STORAGE_CERTIFICATES/.well-known/acme-challenge debe existir en el disco. (Este nombre de ruta se crea autom\u00e1ticamente si el usuario elige instalar los certificados Let's Encrypt a trav\u00e9s de Appwrite)."}], "id": "CVE-2022-25377", "lastModified": "2025-04-03T13:17:44.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-02-22T22:15:47.170", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://dubell.io/unauthenticated-lfi-in-appwrite-0.5.0-0.12.1/"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/appwrite/appwrite/blob/0.12.0/app/controllers/general.php#L539"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/appwrite/appwrite/pull/2780"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://github.com/appwrite/appwrite/releases/tag/0.12.2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://dubell.io/unauthenticated-lfi-in-appwrite-0.5.0-0.12.1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/appwrite/appwrite/blob/0.12.0/app/controllers/general.php#L539"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/appwrite/appwrite/pull/2780"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/appwrite/appwrite/releases/tag/0.12.2"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}