CVE-2022-27438
Homebrew vulnerability analysis and mitigation

Overview

CVE-2022-27438 is a remote code execution vulnerability discovered in Caphyon Ltd Advanced Installer 19.3 and earlier, as well as many products that use the Advanced Installer (Advanced Updater). The vulnerability was discovered in early 2022 and was disclosed in June 2022. The vulnerability exists in the CustomDetection parameter within the update check function (Gerr.re, CVE Mitre).

Technical details

The vulnerability stems from insufficient authentication of the update server in the Advanced Updater component. The updater allows for specifying an alternate update check using the CustomDetection and CustomDetectionParameter in the requested update configuration. When triggered, either automatically after starting the application or manually through the application menu, the updater executes the specified binary with given parameters in the context of the current user. The vulnerability requires a man-in-the-middle position to exploit, and for updaters using TLS, user interaction is required to proceed through the Windows untrusted certificate security alert (Gerr.re).

Impact

The vulnerability allows remote attackers to execute arbitrary code on affected installations. The severity varies depending on the implementation: for unauthenticated/HTTP with elevated privileges, it scores 9.6 CVSS (Critical), for unauthenticated/HTTP it scores 8.8, for TLS with elevated privileges it scores 8.8, and for TLS alone it scores 8.0 (Gerr.re).
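The following is an added example, not code from Advanced Installer or from the cited write-up: a defender-side check that compares an update configuration captured on the wire with the one the vendor actually published, flags any CustomDetection or CustomDetectionParameter value that the published file does not carry, and reports the exposure tier using the scores quoted above. It assumes the update configuration is INI-style text with one section per update; the `Name` and `URL` keys, the host names and the function names are constructed for illustration.

```python
import configparser
from urllib.parse import urlsplit

# CVSS scores as stated on this page: (check uses TLS, updater runs elevated) -> score.
PAGE_CVSS = {(False, True): 9.6, (False, False): 8.8, (True, True): 8.8, (True, False): 8.0}
# The two parameters named on this page; configparser lowercases option names.
DETECTION_KEYS = ("customdetection", "customdetectionparameter")

# Constructed samples. The INI layout and the Name/URL keys are assumptions.
PUBLISHED = """\
[Update]
Name = Example App 2.0
URL = https://updates.example.test/app-2.0.exe
"""
OBSERVED = PUBLISHED + "CustomDetection = detect.exe\nCustomDetectionParameter = /check\n"


def detections(text):
    """Map section -> (CustomDetection, CustomDetectionParameter) where either is set."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    found = {}
    for name in cp.sections():
        values = tuple(cp[name].get(key, "").strip() for key in DETECTION_KEYS)
        if any(values):
            found[name] = values
    return found


def audit(check_url, observed, published, elevated=False):
    """Compare a captured update configuration with the one the vendor published."""
    tls = urlsplit(check_url).scheme.lower() == "https"
    report = {"tls": tls, "page_cvss": PAGE_CVSS[(tls, elevated)], "error": None, "unexpected": {}}
    try:
        seen, expected = detections(observed), detections(published)
    except configparser.Error as exc:
        # An unparseable response is itself worth an alert; do not treat it as clean.
        report["error"] = type(exc).__name__
        return report
    # Any detection setting that the published file does not carry verbatim is flagged.
    report["unexpected"] = {s: v for s, v in seen.items() if expected.get(s) != v}
    return report


if __name__ == "__main__":
    print(audit("http://updates.example.test/updates.txt", OBSERVED, PUBLISHED, elevated=True))
```

A non-empty `unexpected` entry means the configuration seen by the client differs from the published one in exactly the parameters this CVE abuses, which is the signal to investigate the network path.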

Mitigation and workarounds

The vulnerability was fixed in Advanced Installer 19.4. The fix includes preventing users from downloading updates over untrusted/expired HTTPS connections and requiring the detection EXE to be signed using the same digital certificate used to sign the updater.exe included in the setup package. Users are recommended to update to Advanced Installer 19.4 or newer versions (Advanced Installer).

Community reactions

Caphyon Ltd, the vendor of Advanced Installer, acknowledged the severity of the vulnerability and implemented security improvements in version 19.4. They emphasized that while the vulnerability alone is insufficient for an attack, they took the security improvements seriously and advised all users to upgrade their Advanced Installer version (Advanced Installer).

This report was generated using AI.

Related Homebrew vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2025-66222 | CRITICAL | 9.6 | Homebrew | deepchat | No | No | Dec 03, 2025 |
| CVE-2025-12819 | HIGH | 8.1 | NixOS | pgbouncer | No | Yes | Dec 03, 2025 |
| CVE-2025-66548 | MEDIUM | 5.5 | Homebrew | deck | No | Yes | Dec 05, 2025 |
| CVE-2025-65105 | MEDIUM | 5.3 | NixOS | apptainer | No | Yes | Dec 02, 2025 |
| CVE-2025-66557 | MEDIUM | 4.3 | Homebrew | deck | No | Yes | Dec 05, 2025 |
