Search for vulnerabilities
Vulnerability details: VCID-n6j7-vjgu-d7a7
Vulnerability ID VCID-n6j7-vjgu-d7a7
Aliases CVE-2022-25147
Summary Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.
Status Published
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-190 Integer Overflow or Wraparound
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25147.json
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2022-25147
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2022-25147
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2022-25147
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2022-25147
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2022-25147
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2022-25147
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2022-25147
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2022-25147
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2022-25147
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2022-25147
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2022-25147
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2022-25147
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2022-25147
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2022-25147
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2022-25147
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2022-25147
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2022-25147
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2022-25147
epss 0.0004 https://api.first.org/data/v1/epss?cve=CVE-2022-25147
cvssv3.1 9.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25147
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25147.json
https://api.first.org/data/v1/epss?cve=CVE-2022-25147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25147
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8
https://security.netapp.com/advisory/ntap-20240315-0001/
2169652 https://bugzilla.redhat.com/show_bug.cgi?id=2169652
cpe:2.3:a:apache:portable_runtime_utility:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:*:*:*:*:*:*:*:*
CVE-2022-25147 https://nvd.nist.gov/vuln/detail/CVE-2022-25147
RHSA-2023:3109 https://access.redhat.com/errata/RHSA-2023:3109
RHSA-2023:3145 https://access.redhat.com/errata/RHSA-2023:3145
RHSA-2023:3146 https://access.redhat.com/errata/RHSA-2023:3146
RHSA-2023:3147 https://access.redhat.com/errata/RHSA-2023:3147
RHSA-2023:3177 https://access.redhat.com/errata/RHSA-2023:3177
RHSA-2023:3178 https://access.redhat.com/errata/RHSA-2023:3178
RHSA-2023:3354 https://access.redhat.com/errata/RHSA-2023:3354
RHSA-2023:3355 https://access.redhat.com/errata/RHSA-2023:3355
RHSA-2023:3360 https://access.redhat.com/errata/RHSA-2023:3360
RHSA-2023:3380 https://access.redhat.com/errata/RHSA-2023:3380
USN-5870-1 https://usn.ubuntu.com/5870-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25147.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2022-25147
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.11174
EPSS Score 0.0004
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:29:56.944252+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.18/main.json 37.0.0