Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2022-25893
PUBLISHED
More InfoOfficial Page
Assigner-snyk
Assigner Org ID-bae035ff-b466-4ff4-94d0-fc9efd9e1730
View Known Exploited Vulnerability (KEV) details
Published At-21 Dec, 2022 | 23:14
Updated At-15 Apr, 2025 | 19:18
Rejected At-
▼CVE Numbering Authority (CNA)
Arbitrary Code Execution

The package vm2 before 3.9.10 are vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise.

Affected Products
Vendor
n/a
Product
vm2
Versions
Affected
  • From unspecified before 3.9.10 (custom)
Problem Types
TypeCWE IDDescription
textN/AArbitrary Code Execution
Type: text
CWE ID: N/A
Description: Arbitrary Code Execution
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Ghaem Arasteh
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.snyk.io/vuln/SNYK-JS-VM2-2990237
N/A
https://github.com/patriksimek/vm2/issues/444
N/A
https://github.com/patriksimek/vm2/pull/445/commits/3a9876482be487b78a90ac459675da7f83f46d69
N/A
https://github.com/patriksimek/vm2/pull/445
N/A
Hyperlink: https://security.snyk.io/vuln/SNYK-JS-VM2-2990237
Resource: N/A
Hyperlink: https://github.com/patriksimek/vm2/issues/444
Resource: N/A
Hyperlink: https://github.com/patriksimek/vm2/pull/445/commits/3a9876482be487b78a90ac459675da7f83f46d69
Resource: N/A
Hyperlink: https://github.com/patriksimek/vm2/pull/445
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.snyk.io/vuln/SNYK-JS-VM2-2990237
x_transferred
https://github.com/patriksimek/vm2/issues/444
x_transferred
https://github.com/patriksimek/vm2/pull/445/commits/3a9876482be487b78a90ac459675da7f83f46d69
x_transferred
https://github.com/patriksimek/vm2/pull/445
x_transferred
Hyperlink: https://security.snyk.io/vuln/SNYK-JS-VM2-2990237
Resource:
x_transferred
Hyperlink: https://github.com/patriksimek/vm2/issues/444
Resource:
x_transferred
Hyperlink: https://github.com/patriksimek/vm2/pull/445/commits/3a9876482be487b78a90ac459675da7f83f46d69
Resource:
x_transferred
Hyperlink: https://github.com/patriksimek/vm2/pull/445
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-471CWE-471 Modification of Assumed-Immutable Data (MAID)
Type: CWE
CWE ID: CWE-471
Description: CWE-471 Modification of Assumed-Immutable Data (MAID)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found