CVE-2022-25369
An issue was discovered in Dynamicweb before 9.12.8. An attacker can add a new administrator user without authentication. This flaw exists due to a logic issue when determining if the setup phases of the product can be run again. Once an attacker is authenticated as the new admin user they have added, it is possible to upload an executable file and achieve command execution. This is fixed in 9.5.9, 9.6.16, 9.7.8, 9.8.11, 9.9.8, 9.10.18, 9.12.8, and 9.13.0 (and later).
We have discovered 458 live websites that are affected by CVE-2022-25369.
Affected Software
| Product |  Dynamicweb |
| Category | Content Management System |
| Vulnerable Domains | 458 live websites (100% of Dynamicweb install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 3 versions ( 100% of all versions) |
Details
- Published - Jan 23, 2026
- Updated - Jan 23, 2026
CVE References
Website Distribution by Country
Number of websites using CVE-2022-25369 United States | 34 websites |
 Denmark | 335 websites |
 Portugal | 24 websites |
 Norway | 14 websites |
 Germany | 8 websites |
 GB | 8 websites |
 Sweden | 8 websites |
 Spain | 5 websites |
 Brazil | 4 websites |
 Switzerland | 4 websites |
Website Distribution by TLD
Number of websites using CVE-2022-25369| .dk | 274 websites |
| .com | 64 websites |
| .se | 10 websites |
| .de | 10 websites |
| .co.uk | 5 websites |
| .fr | 5 websites |
| .org | 4 websites |
| .es | 4 websites |
| .net | 3 websites |
| .it | 3 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2022-25369
Top websites that are affected by CVE-2022-25369. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.org | United States | ***,*** | |
| ***********.dk | Denmark | ***,*** | |
| ****.com | Denmark | ***,*** | |
| *******.**********.dk | Denmark | ***,*** | |
| ****.com | United States | ***,*** | |
| ***.dk | Denmark | ***,*** | |
| ***.**.uk | United States | ***,*** | |
| ******.dk | Denmark | ***,*** | |
| *******.*******************.dk | Denmark | ***,*** | |
| *******.*************.dk | Denmark | ***,*** |
FAQ
A total of 458 websites have been identified as vulnerable to CVE-2022-25369, based on global website indexing conducted by WebTechSurvey.
The Dynamicweb is affected by the CVE-2022-25369 vulnerability.
Dynamicweb versions up to 9.12.8 are vulnerable to CVE-2022-25369.
CVE-2022-25369 is resolved in version 9.12.8 of Dynamicweb.