Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2022-25090

EPSS 12.36% · P94

Public Exploits 1

ExploitDB · 1 EDB-50812 [local]
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-25090

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Kofax Printix Secure Cloud Print Management 竞争条件问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Kofax Printix Secure Cloud Print Management是美国Kofax公司的一个基于云的打印管理软件,灵活、可扩展且易于使用。可以随时随地使用所有用户和组织所需的现代打印功能来管理和维护复杂的打印环境。 Kofax Printix Secure Cloud Print Management 1.3.1035.0 存在安全漏洞,该漏洞允许任何登录用户将任何可执行文件或文件提升到 SYSTEM 权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2022-25090

#POC DescriptionSource LinkShenlong Link
1A "Creation of Temporary Files in Directory with Insecure Permissions" vulnerability in PrintixService.exe, in Printix's "Printix Secure Cloud Print Management", Version 1.3.1106.0 and below allows any logged in user to elevate any executable or file to the SYSTEM context. This is achieved by exploiting race conditions in the Installer.https://github.com/ComparedArray/printix-CVE-2022-25090POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-25090

登录查看更多情报信息。

Exploits & Public PoCs for CVE-2022-25090 (2)

Other References for CVE-2022-25090 (2)

Same Patch Batch · n/a · 2022-03-09 · 50 CVEs total

CVE-2022-249606.5 MEDIUMUse after free vulnerability in PDFTron SDK
CVE-2022-267785.3 MEDIUMVeritas System Recovery安全漏洞
CVE-2022-0204BlueZ 输入验证错误漏洞
CVE-2022-25552Tenda AX1806 缓冲区错误漏洞
CVE-2021-44631TP-Link WR886N 安全漏洞
CVE-2021-44627TP-LINK WR-886N 安全漏洞
CVE-2021-44629TP-LINK WR-886N 安全漏洞
CVE-2021-44628TP-Link WR886N 安全漏洞
CVE-2021-44630TP-Link WR886N 安全漏洞
CVE-2022-25566Tenda AX1806 缓冲区错误漏洞
CVE-2022-25561Tenda AX12 缓冲区错误漏洞
CVE-2022-25560Tenda AX12 缓冲区错误漏洞
CVE-2022-25558Tenda AX1806 缓冲区错误漏洞
CVE-2022-25557Tenda AX1806 缓冲区错误漏洞
CVE-2022-25556Tenda AX12 缓冲区错误漏洞
CVE-2022-25555Tenda AX1806 缓冲区错误漏洞
CVE-2022-25547Tenda AX1806 缓冲区错误漏洞
CVE-2022-25554Tenda AX1806 缓冲区错误漏洞
CVE-2022-25553Tenda AX1806 缓冲区错误漏洞
CVE-2021-44632TP-Link WR886N 安全漏洞

Showing top 20 of 50 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2022-25090

No comments yet

Leave a comment