Server Side Template Injection Vulnerability in Netaxis API Orchestrator
CVE-2022-23851

9.8CRITICAL

Key Information:

Vendor: Netaxis
Status: API Orchestrator
Vendor: CVE Published:; 17 December 2025

What is CVE-2022-23851?

The vulnerability found in Netaxis API Orchestrator allows for server side template injection (SSTI), enabling malicious users to inject and execute arbitrary template code on the server. This could lead to unauthorized access to sensitive information and potential control over the affected system, emphasizing the need for immediate updates and security measures in versions prior to 0.19.3.

References

https://www.netaxis.be/products/apio/

https://blog.tig00r.me/post/CVE-2022-23851

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2025
Vulnerability Reserved
Jan 24, 2022

JSON