CVE-2022-25369 - Dynamicweb Unauthenticated Remote Command Execution

CVE ID : CVE-2022-25369 Published : Jan. 23, 2026, 5:16 p.m. | 1 hour, 20 minutes ago Description : An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a logic issue when determining if the setup phases of the product can be run again. Once an attacker is authenticated as the new admin user they have added, it is possible to upload an executable file and achieve command execution. This is fixed in 9.5.9, 9.6.16, 9.7.8, 9.8.11, 9.9.8, 9.10.18, 9.12.8, and 9.13.0 (and later). Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...