Vulnerability DatabaseCVE-2022-47757

CVE-2022-47757:
Homebrew vulnerability analysis and mitigation

Overview

A path traversal vulnerability (CVE-2022-47757) was discovered in imo.im version 2022.11.1051. The vulnerability was disclosed on May 3, 2023, affecting the Android application package com.imo.android.imoim. The issue stems from an unsanitized deeplink that can force the application to write files into the application's data directory (NIST, GitHub Advisory).

Technical details

The vulnerability is classified as a path traversal issue (CWE-22) with a CVSS v3.1 base score of 9.8 CRITICAL (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The technical nature of the vulnerability involves an unsanitized deeplink that can be exploited to write files into the application's data directory, specifically allowing an attacker to save a shared library under a special directory which the app uses to dynamically load modules (NIST).

Impact

The successful exploitation of this vulnerability can lead to arbitrary code execution with the application's privileges. This means an attacker could potentially execute malicious code within the context of the affected application, compromising the security of the application and potentially the user's data (GitHub Advisory).

Mitigation and workarounds

The vulnerability has been patched in version 2022.11.2011 of the application. Users are advised to update to this or later versions to protect against potential exploitation (GitHub Advisory).

Additional resources

Source: This report was generated using AI

Related Homebrew vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-58360	CRITICAL	9.8	Java	org.geoserver.web:gs-web-app	No	Yes	Nov 25, 2025
CVE-2025-65085	HIGH	8.4	NixOS	cobalt	No	No	Nov 25, 2025
CVE-2025-65084	HIGH	8.4	NixOS	argon	No	No	Nov 25, 2025
CVE-2025-59789	HIGH	7.5	Homebrew	brpc	No	Yes	Dec 01, 2025
CVE-2025-21621	MEDIUM	6.1	Java	geoserver	No	Yes	Nov 25, 2025