⚠ Actively exploited

Added to CISA KEV on 2022-05-16. Federal agencies required to patch by 2022-06-06. Required action: Apply updates per vendor instructions..

CVE-2022-22947

CWE-94 — Code Injection CWE-91715 documents12 sources

Severity

10.0CRITICAL

EPSS

94.5%

top < 0.01%

CISA KEV

KEV

Added 2022-05-16

Due 2022-06-06

Exploit

Exploited in wild

Active exploitation observed

Affected products

Vmware Spring Cloud Gateway Oracle Commerce Guided Search Oracle Communications Cloud Native Core Binding Support Function +7 more

Timeline

PublishedMar 3

KEV addedMay 16

KEV dueJun 6

Latest updateOct 30

CISA Required Action: Apply updates per vendor instructions.

Description

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages12 packages

▶NVDvmware/spring_cloud_gateway< 3.0.7+1

▶Mavenorg.springframework.cloud:spring-cloud-gateway3.1.0 — 3.1.1+1

▶CVEListV5spring_cloud_gatewaySpring cloud gateway versions 3.1.x prior to 3.1.1+, 3.0.x prior to 3.0.7+ and all old and unsupported versions

▶NVDoracle/communications_cloud_native_core_console22.2.0

▶NVDoracle/communications_cloud_native_core_binding_support_function1.11.0, 22.1.3+1

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured↗2022-03-04

▶

OSV

Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured↗2022-03-04

▶

CVEList

CVE-2022-22947: In spring cloud gateway versions prior to 3↗2022-03-03

▶

VulnCheck

VMware Spring Cloud Gateway Code Injection Vulnerability↗2022

▶

💥Exploits & PoCs

Exploit-DB

Spring Cloud Gateway 3.1.0 - Remote Code Execution (RCE)↗2022-03-07

▶

Nuclei

Spring Cloud Gateway Code Injection

▶

🔍Detection Rules

Suricata

ET EXPLOIT VMware Spring Cloud Gateway Code Injection (CVE-2022-22947) (set)↗2022-03-02

▶

Suricata

ET EXPLOIT VMware Spring Cloud Gateway Code Injection (CVE-2022-22947)↗2022-03-02

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: BSF (Spring Cloud Gateway) — CVE-2022-22947↗2022-07-15

▶

CISA

VMware Spring Cloud Gateway Code Injection Vulnerability↗2022-05-16

▶

Oracle

Oracle Oracle Communications Risk Matrix: NEF (Spring Cloud Gateway) — CVE-2022-22947↗2022-04-15

▶

🕵️Threat Intelligence

Qualys

Inside the Surge of PHP and IoT Exploits with Qualys TRU | Qualys↗2025-10-30

▶

Qualys

What Security Teams Need to Know as PHP and IoT Exploits Surge↗2025-10-30

▶

Unit42

Network Security Trends: Recent Exploits Observed in the Wild Include Remote Code Execution, Cross-Site Scripting and More↗2022-08-19

▶