CVE-2022-22948 is an information disclosure vulnerability found in VMware's vCenter Server. It arises from improper permission settings on files, allowing a malicious actor with non-administrative access to exploit this issue and gain unauthorized access to sensitive information.
The severity of this vulnerability is classified as medium, with a CVSS score of 6.5. This rating indicates a significant risk, as attackers may leverage such vulnerabilities to extract confidential data without the need for elevated privileges.
Organizations using affected versions of vCenter Server should prioritize addressing this vulnerability. The urgency is underscored by its inclusion in the Known Exploited Vulnerabilities (KEV) catalog, which suggests that it is actively targeted for exploitation.
Organizations should prioritize patching immediately to prevent potential data breaches and ensure the integrity of their systems.
Vulnerability Details
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
This vulnerability is classified as CWE-276, which focuses on improper permissions. It has a CVSS score of 6.5, indicating a medium severity level. The vulnerability affects the VMware vCenter Server and was publicly disclosed on March 29, 2022.
Technical Analysis
The root cause of this vulnerability is the improper configuration of file permissions within the vCenter Server. This misconfiguration allows unauthorized users to access sensitive files that should be restricted to administrative users only.
The attack vector is network-based, requiring only low complexity for exploitation. Attackers need low privileges and do not require user interaction to exploit this vulnerability. The impact on confidentiality is classified as high, while integrity and availability impacts are rated as none.
Risk & Impact Analysis
The risk to organizations includes unauthorized access to sensitive information, which could lead to data breaches and non-compliance with data protection regulations. Given the nature of the vulnerability, the potential blast radius is significant, particularly for organizations handling sensitive data.
Due to its inclusion in the KEV catalog, organizations should assess their exposure to this vulnerability and prioritize remediation efforts accordingly. The urgency is critical, and organizations should address this in their patch cycle.
Exploitation Status
| Signal | Status |
|---|---|
| Known Exploit | Yes |
| Public PoC | Yes |
| Actively Exploited | Yes |
| Ransomware Use | No |
Affected Versions
This vulnerability affects the following versions of VMware vCenter Server: 6.5, 6.7, and 7.0, specifically those versions prior to the vendor's patch. For VMware Cloud Foundation, versions from 3.0 up to, but not including, 3.11, and from 4.0 up to, but not including, 4.4.1 are also vulnerable.
Mitigation & Remediation
Organizations should apply the patch provided by VMware as detailed in their advisory. If immediate patching is not possible, consider implementing workarounds such as restricting access to sensitive files and enhancing monitoring on the vCenter Server.
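One way to check for the over-permissive files this workaround targets, as an added example that is not from VMware or the original page. The function names, the `0o600` baseline and the sample file names are assumptions; the page names no vCenter paths, so the directory to audit is passed in by the operator.

```python
import os
import stat
import tempfile


def audit_tree(root, allowed_mode=0o600):
    """Return findings for regular files under root whose mode exceeds allowed_mode."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and device nodes
            mode = stat.S_IMODE(st.st_mode)
            excess = mode & ~allowed_mode  # bits granted beyond the baseline
            if excess:
                findings.append({
                    "path": path,
                    "mode": oct(mode),
                    "excess": oct(excess),
                    "non_owner_read": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
                })
    return findings


def remediate(findings, allowed_mode=0o600):
    """Strip the bits beyond allowed_mode from each finding; return the fixed paths."""
    for f in findings:
        current = stat.S_IMODE(os.lstat(f["path"]).st_mode)
        os.chmod(f["path"], current & allowed_mode)
    return [f["path"] for f in findings]


def build_sample_tree():
    """Constructed sample data: one over-permissive file, one correctly restricted."""
    root = tempfile.mkdtemp(prefix="perm-audit-")
    for name, mode in (("sample-db.conf", 0o644), ("sample-service.key", 0o600)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("constructed-sample\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    # Report only; call remediate() after confirming which accounts need access.
    for finding in audit_tree(build_sample_tree()):
        print(finding)
```

Run the report first and review each finding before calling `remediate`, since a service account may legitimately depend on group read access.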
For more effective security, organizations may also benefit from engaging in penetration testing to uncover similar vulnerabilities in their systems.
Detection Guidance
To detect potential exploitation attempts, organizations should monitor logs for unexpected access to sensitive files and unusual patterns of access. Behavioral anomalies should be flagged for further investigation.
AppSecure Threat Intelligence Insight
The long-term significance of CVE-2022-22948 is notable, as it highlights the critical importance of proper file permission settings in cloud environments. Organizations should take this as a valuable lesson to conduct regular audits of their permission configurations.
For a comprehensive understanding of vulnerability management, organizations can refer to the vulnerability management program design to maintain robust security protocols.
Additionally, understanding the importance of regular penetration testing methodology can help organizations identify and remediate vulnerabilities in their systems proactively.
Finally, organizations should consider the broader context of vulnerabilities in cloud platforms as they prepare for future security challenges.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
