What is CVE-2022-35914?

A critical vulnerability in the GLPI application allows for PHP code injection via the htmlawed module. Organizations must prioritize immediate patching to mitigate risks associated with this vulnerability.

What is the severity of CVE-2022-35914?

CVE-2022-35914 has a severity rating of CRITICAL with a CVSS base score of 9.8.

CVE-2022-35914 | Critical Vulnerability in GLPI

Q: Is CVE-2022-35914 in CISA KEV?

Yes. CVE-2022-35914 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2022-35914 is a critical vulnerability affecting the GLPI application, specifically found in the htmlawed module. This vulnerability allows PHP code injection through the file /vendor/htmlawed/htmlawed/htmLawedTest.php. The severity of this vulnerability, rated at 9.8 on the CVSS scale, indicates a significant risk to organizations that use this software.

The potential impact includes unauthorized access to sensitive data, alteration of data integrity, and disruption of service. As this vulnerability can be exploited remotely with low complexity and no privileges required, organizations are strongly urged to address it promptly.

The vulnerability was published on September 19, 2022, and has since been analyzed in detail. Organizations utilizing affected versions of GLPI must prioritize patching to mitigate the risks associated with this critical flaw.

Risk to organizations includes significant data breaches and potential service disruptions. Therefore, organizations should prioritize patching immediately.

Vulnerability Details

The vulnerability is classified under CWE-74, indicating improper neutralization of special elements in output used by a downstream component. The CVSS score of 9.8 signifies a critical level of severity, highlighting the urgency for remediation.

Affected versions include all versions of GLPI up to and including 10.0.2. The vulnerability allows attackers to execute arbitrary PHP code, leading to potential remote code execution.

Technical Analysis

The root cause of CVE-2022-35914 is found in improper input validation and sanitization within the htmlawed module. Attackers can exploit this vulnerability by sending crafted input to the affected PHP file, which then executes arbitrary code on the server.

This vulnerability requires no user interaction and does not necessitate any privileges for exploitation. The attack vector is network-based, making it particularly dangerous as it can be targeted from anywhere without physical access to the server.

The low attack complexity further emphasizes the ease with which attackers can leverage this vulnerability. Confidentiality, integrity, and availability impacts are all rated as high, indicating a severe risk profile.

Risk & Impact Analysis

Organizations utilizing GLPI must assess the immediate risks posed by CVE-2022-35914. The critical nature of this vulnerability means that the potential blast radius is significant, affecting not only the integrity of the application but also the confidentiality of sensitive data.

Failure to remediate this vulnerability promptly could result in data breaches, unauthorized access, and significant operational disruptions. Given its inclusion in the Known Exploited Vulnerabilities (KEV) catalog, organizations should address this vulnerability as a priority in their patch management cycle.

The EPSS score of 0.944 places this vulnerability in the highest risk percentile, further emphasizing the need for immediate action.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

All versions of GLPI prior to 10.0.3 are affected by this vulnerability. Organizations must ensure they are using the latest version to mitigate risks.

Mitigation & Remediation

GLPI users should apply the latest patches immediately. Organizations should monitor for updates and implement any necessary configuration changes to harden their installations.

For further guidance on securing your GLPI environment, organizations may consider consulting with experts in penetration testing to validate the effectiveness of their defenses.

Detection Guidance

Organizations should monitor logs for any unusual activity related to the htmlawed module. This includes unexpected PHP executions or access to the htmLawedTest.php file.

AppSecure Threat Intelligence Insight

CVE-2022-35914 represents a significant risk for GLPI users. The trend of vulnerabilities in third-party libraries highlights the need for organizations to maintain vigilance in their software supply chain.

Security teams should prioritize vulnerability management programs that include regular assessments and updates for all components of their applications, especially third-party libraries.

For further insights and best practices, organizations can refer to our comprehensive vulnerability management program design guide.

Additionally, staying informed about trends in application security is crucial. For more information on emerging threats, organizations can explore our 2025 vulnerability exposure severity trends report.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2022-35914: Critical Vulnerability in GLPI