CVE-2022-22963

CVE Database · CVE-2022-22963

CVE-2022-22963

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

99.94%

Published

Apr 1, 2022

Modified

Oct 30, 2025

CISA Known Exploited Vulnerability

Added: 2022-08-25 · Due: 2022-09-15

Apply updates per vendor instructions.

Public PoC / Exploit (11)

All weaponized →

Exploit-DBSpring Cloud 3.2.2 - Remote Command Execution (RCE)NucleiNuclei detection template TrickestTrickest PoC index GitHub PoChktalent/spring-spel-0day-poc★355 GitHub PoCdinosn/CVE-2022-22963★116 GitHub PoCdarryk10/CVE-2022-22963★35 GitHub PoCJ0ey17/CVE-2022-22963_Reverse-Shell-Exploit★24 GitHub PoCme2nuk/CVE-2022-22963★19 GitHub PoCRanDengShiFu/CVE-2022-22963★15 GitHub PoCkh4sh3i/Spring-CVE★14 GitHub PoCKirill89/CVE-2022-22963-PoC★9

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-94CWE-917

Affected Products (47)

vmware · spring_cloud_functionvulnerable

oracle · banking_branchvulnerable

oracle · banking_cash_managementvulnerable

oracle · banking_corporate_lending_process_managementvulnerable

oracle · banking_credit_facilities_process_managementvulnerable

oracle · banking_electronic_data_exchange_for_corporatesvulnerable

oracle · banking_liquidity_managementvulnerable

oracle · banking_origination

References (13)

http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html

ExploitThird Party AdvisoryVDB Entry

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005

Third Party Advisory

https://tanzu.vmware.com/security/cve-2022-22963

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

KEV Catalog EPSS Scores Vendors All CVEs

oracle · banking_supply_chain_financevulnerable

oracle · banking_trade_finance_process_managementvulnerable

oracle · banking_virtual_account_managementvulnerable

oracle · communications_cloud_native_core_automated_test_suitevulnerable

oracle · communications_cloud_native_core_consolevulnerable

oracle · communications_cloud_native_core_network_exposure_functionvulnerable

oracle · communications_cloud_native_core_network_function_cloud_native_environmentvulnerable

oracle · communications_cloud_native_core_network_repository_functionvulnerable

oracle · communications_cloud_native_core_network_slice_selection_functionvulnerable

oracle · communications_cloud_native_core_policyvulnerable

oracle · communications_cloud_native_core_security_edge_protection_proxyvulnerable

oracle · communications_cloud_native_core_unified_data_repositoryvulnerable

oracle · communications_communications_policy_managementvulnerable

oracle · financial_services_analytical_applications_infrastructurevulnerable

oracle · financial_services_behavior_detection_platformvulnerable

oracle · financial_services_enterprise_case_managementvulnerable

oracle · mysql_enterprise_monitorvulnerable

oracle · product_lifecycle_analyticsvulnerable

oracle · retail_xstore_point_of_servicevulnerable

oracle · sd-wan_edgevulnerable

PatchThird Party Advisory