CVE-2022-34825
published 2022-11-08
CVE-2022-34825: Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe…
Priority P355, critical, 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.19% (64.0th percentile)
Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nec | expresscluster_x | <= 5.0 | — |
| nec | expresscluster_x_singleserversafe | <= 5.0 | — |
| nec_corporation | clusterpro_x | — | — |
VulDB
NEC CLUSTERPRO X/EXPRESSCLUSTER X up to 5.0 on Windows uncontrolled search path (EUVD-2022-37731)
vuldb·2026-06-14·CVSS 9.8
CVE-2022-34825 [CRITICAL] NEC CLUSTERPRO X/EXPRESSCLUSTER X up to 5.0 on Windows uncontrolled search path (EUVD-2022-37731)
A vulnerability, which was classified as critical, was found in NEC CLUSTERPRO X and EXPRESSCLUSTER X up to 5.0 on Windows. The affected element is an unknown function. Executing a manipulation can lead to uncontrolled search path.
This vulnerability appears as CVE-2022-34825. The attack may be performed from remote. There is no available exploit.
GHSA
GHSA-gmcp-v2jv-3qq3: Uncontrolled Search Path Element in CLUSTERPRO X 5
ghsa_unreviewed·2022-11-09
CVE-2022-34825 [CRITICAL] CWE-427 GHSA-gmcp-v2jv-3qq3: Uncontrolled Search Path Element in CLUSTERPRO X 5
Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-11-08: Published