CVE-2022-27518
ENISA EUVD: EUVD-2022-32019 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 3, 2026
5 articles
Published: 2022-12-13
EPSS Score
Source: FIRST.org · 2026-05-23
27.69%
probability
This CVE has a 27.69% probability
of being exploited in the next 30 days.
0%
Top 96.5th percentile of all CVEs
100%
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)9.8
CRITICAL
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
VulnerabilityLookup (CNA)Unauthenticated remote arbitrary code execution
Affected Products
Citrix
Citrix Gateway, Citrix ADC
12.1
13.0
12.1 FIPs, NDcPP
Google Project Zero
Patched
Dec. 13, 2022
Reported by
???
Root Cause Analysis
???
Exploits & PoC
dolby360/CVE-2022-27518_POC
A POC on how to exploit CVE-2022-27518
2
2023-01-18
1 repo — triés par ⭐
Rechercher sur GitHub ↗
Signal Intelligence
Confidence
92%
EPSS
27.69%
CVSS v3.1
9.8
Mentions
5
Last Seen
Dec 29, 2022
CNA Information
CNA Assigner
Citrix
CNA Title
Unauthenticated remote arbitrary code execution
Analyst Note
CVE-2022-27518 is a critical unauthenticated RCE vulnerability (CVSS 9.8) affecting widely-deployed Citrix products, with official vendor security advisory from CERT-EU confirming the threat. The presence in Google Project Zero and multiple security organization documentation provides strong corroboration of the vulnerability's legitimacy and severity.
Threat Actors 1
Pitty Panda
apt_group
Information theft and espionage
🇨🇳 CN
Triage Info
Decided atMar 03, 2026
Published DateDec 13, 2022