PT-2022-17500 · Unknown · Com.Bstek.Ureport:Ureport2-Console

Jinyitong · Published 2022-05-01 · Updated 2026-03-17 · CVE-2022-25767

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

com.bstek.ureport:ureport2-console (affected versions not specified)

Description

The issue allows for Remote Code Execution by connecting to a malicious database server. This can cause arbitrary file read and deserialization of local gadgets.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Deserialization of Untrusted Data

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2022-25767
GHSA-W39X-CHVM-PJ3C
SNYK-JAVA-COMBSTEKUREPORT-2322018

Affected Products

Com.Bstek.Ureport:Ureport2-Console