Security News > 2023 > February > CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities catalog based on evidence of active exploitation.
Tracked as CVE-2022-36537, the issue impacts ZK Framework versions 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2, and 8.6.4.1, and allows threat actors to retrieve sensitive information via specially crafted requests.
"The ZK Framework is an open source Java framework," CISA said.
"This vulnerability can impact multiple products, including but not limited to ConnectWise R1Soft Server Backup Manager."
The vulnerability was patched in May 2022 in versions 9.6.2, 9.6.0.2, 9.5.1.4, 9.0.1.3, and 8.6.4.2.
The vulnerability has since come under mass exploitation, as evidenced by NCC Group's Fox-IT research team last week, to obtain initial access and deploy a web shell backdoor on 286 servers.
News URL
https://thehackernews.com/2023/02/cisa-issues-warning-on-active.html
Related news
- CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation (source)
- CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation (source)
- Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk (source)
- CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
- BlueToolkit: Open-source Bluetooth Classic vulnerability testing framework (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-26 | CVE-2022-36537 | Unspecified vulnerability in Zkoss ZK Framework ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader. | 7.5 |