Exploit for #VU61754 Code Injection in Spring Cloud Function

Vulnerability identifier: #VU61754

Vulnerability risk: Critical

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2022-22963

CWE-ID: CWE-94

Exploitation vector: Network

Exploits in database: 23

• October 25, 2024
  • Spring Cloud 3.2.2 - Remote Command Execution (RCE) [Exploit-DB]
• July 10, 2023
  • CVE-Exploits (CVE-POC) [Github]
• June 29, 2023
  • Exploit-for-CVE-2022-22963 (An exploit for the CVE-2022-22963 (Spring Cloud Function Vulnerability)) [Github]
• April 14, 2023
  • CVE-2022-22963-Exploit (Rust-based exploit for the CVE-2022-22963 vulnerability) [Github]
• March 28, 2023
  • CVE-2022-22963-PoC (CVE-2022-22963 RCE PoC in python) [Github]
• March 20, 2023
  • CVE-2022-22963_Reverse-Shell-Exploit (CVE-2022-22963 is a vulnerability in the Spring Cloud Function Framework for Java that allows remote code execution. This python script will verify if the vulnerability exists, and if it does, will give you a reverse [Github]
• March 13, 2023
  • CVE-2022-22963 (spring cloud function 一键利用工具! by charis 博客https://charis3306.top/) [Github]
• January 16, 2023
  • CVE-2022-22963-POC () [Github]
• May 23, 2022
  • CVE-2022-22963 () [Github]
• May 12, 2022
  • Spring Cloud Function SpEL Injection [Metasploit]
• April 15, 2022
  • spring-cloud-function-rce (Spring Cloud Function SPEL表达式注入漏洞（CVE-2022-22963）) [Github]
• April 14, 2022
  • spring-spel-0day-poc (spring-cloud / spring-cloud-function,spring.cloud.function.routing-expression,RCE,0day,0-day,POC,EXP,CVE-2022-22963) [Github]
• April 5, 2022
  • SpringCloudFunction-Research (CVE-2022-22963 research) [Github]
• April 3, 2022
  • CVE-2022-22963 (Spring Cloud Function Vulnerable Application / CVE-2022-22963) [Github]
• April 1, 2022
  • CVE-2022-22963 () [Github]
  • CVE-2022-22963-Spring-Core-RCE (A Proof-of-Concept (PoC) of the Spring Core RCE (Spring4Shell or CVE-2022-22963) in Bash (Linux).) [Github]
• March 31, 2022
  • CVE-2022-22965 (Vulnerabilidad RCE en Spring Framework vía Data Binding on JDK 9+ (CVE-2022-22965 aka "Spring4Shell")) [Github]
  • Spring-CVE (This includes CVE-2022-22963, a Spring SpEL / Expression Resource Access Vulnerability, as well as CVE-2022-22965, the spring-webmvc/spring-webflux RCE termed "SpringShell".) [Github]
  • CVE-2022-22963 (CVE-2022-22963 PoC ) [Github]
  • CVE-2022-22963 () [Github]
  • SpringShell (Spring4Shell - Spring Core RCE - CVE-2022-22965) [Github]
  • Spring0DayCoreExploit ({ Spring Core 0day CVE-2022-22963 }) [Github]
  • CVE-2022-22963-PoC () [Github]

Vulnerable software:
Spring Cloud Function
Web applications / Other software

Vendor: VMware, Inc