9.8

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-25890

GHSA ID

GHSA-xj9v-6q2f-vqhx

EPSS Score

0.64544%

CWE

CWE-77

Published

1/9/2023

Updated

1/29/2023

KEV Status

Technology

JavaScript

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-25890

CVE-2022-25890: wifey vulnerable to Command Injection due to improper input sanitization

All versions of the package wifey are vulnerable to Command Injection via the connect() function due to improper input sanitization.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2022-25890

CVE-2022-25890:

9.8

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2022-25890

GHSA ID

GHSA-xj9v-6q2f-vqhx

EPSS Score

0.64544%

CWE

CWE-77

Published

1/9/2023

Updated

1/29/2023

KEV Status

Technology

JavaScript

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
wifey	npm	<= 2.0.7

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Multiple sources (GitHub Advisory, NVD, Snyk) explicitly name the connect() function as the injection vector
The provided PoC demonstrates command injection through the SSID parameter passed to connect()
CWE-78 mapping confirms OS command injection pattern
Vulnerability manifests when user-controlled input flows into system commands without validation
While file path isn't disclosed in available data, the function name and attack pattern are clearly identified across all sources

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

9.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-25890: wifey vulnerable to Command Injection due to improper input sanitization

CVE-2022-25890:

9.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

9.8

9.8

CVE-2022-25890: wifey vulnerable to Command Injection due to improper input sanitization

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI