What is CVE-2022-25802?

A medium-severity cross-site scripting (XSS) vulnerability exists in Best Practical Request Tracker (RT) before version 4.4.6 and 5.x before 5.0.3. Organizations must address this issue to mitigate potential risks associated with XSS attacks.

What is the severity of CVE-2022-25802?

CVE-2022-25802 has a severity rating of MEDIUM with a CVSS base score of 6.1.

CVE-2022-25802 | Medium Vulnerability in Best Practical Request Tracker

Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment. This vulnerability is classified as medium severity with a CVSS score of 6.1, indicating a moderate risk to organizations. The potential for exploitation through cross-site scripting (XSS) can lead to unauthorized data access and manipulation. Organizations must take this threat seriously, as it can result in significant security breaches.

Risk to organizations includes the possibility of attackers leveraging XSS to execute malicious scripts in the context of a user’s session. This vulnerability is particularly concerning as it requires user interaction, which could be facilitated through phishing or social engineering tactics. Organizations should prioritize patching immediately to mitigate the risks associated with this vulnerability.

As of now, there are no known exploits or public proof-of-concept (PoC) available for this vulnerability, but the presence of user interaction required for exploitation does not diminish its potential impact. Organizations should remain vigilant and ensure they are using the latest versions of affected software to protect against possible future exploits.

Given the nature of the vulnerability and its potential impact, organizations should address this issue in their priority patch cycle. Regular updates and monitoring are essential to ensure the security of applications against known vulnerabilities.

Vulnerability Details

The vulnerability allows for cross-site scripting (XSS) via a crafted content type for an attachment. The affected versions include Best Practical Request Tracker (RT) versions prior to 4.4.6 and 5.x prior to 5.0.3. The CVSS score of 6.1 indicates a medium severity level, prompting organizations to take appropriate action to remediate this vulnerability.

Technical Analysis

The root cause of this vulnerability stems from improper validation of user input, allowing attackers to craft malicious content types. The attack vector for this vulnerability is network-based, requiring low complexity for exploitation, and no privileges are needed. Additionally, user interaction is required to trigger the exploit. The impact on confidentiality and integrity is low, while availability is not affected.

Risk & Impact Analysis

The risk associated with this vulnerability is significant, as it allows attackers to execute malicious scripts. Organizations must consider the potential blast radius, as successful exploitation could lead to unauthorized actions on behalf of users, including data theft and account compromise. The urgency for remediation is categorized as high, given the moderate CVSS score and the ease of exploitation.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions include Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3. Organizations running these versions should upgrade to the latest patched versions to mitigate the risk.

Mitigation & Remediation

Organizations should update to the patched versions: RT 4.4.6 or 5.0.3. If immediate updates are not possible, consider implementing workarounds such as input validation and sanitization for attachment content types to mitigate the risk of exploitation. Regular security assessments and monitoring can also help identify potential vulnerabilities in the system.

Detection Guidance

To detect potential exploitation attempts, organizations should monitor logs for unusual activity related to file uploads, particularly for attachments with unexpected content types. Behavioral anomalies in user sessions should also be flagged for review.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in the potential for XSS attacks to compromise user data and application integrity. Security teams should be aware of trends in XSS vulnerabilities and prioritize proactive measures such as regular software updates and thorough security testing. For organizations looking to strengthen their defenses, implementing a robust penetration testing program can help identify potential weaknesses before they can be exploited.

Organizations should also consider developing a detailed vulnerability management program to systematically address vulnerabilities as they arise and stay ahead of threats.

By understanding the patterns of previous exploits and maintaining a proactive security posture, organizations can effectively reduce the risk associated with vulnerabilities like CVE-2022-25802.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2022-25802: Medium Vulnerability in Best Practical Request Tracker