Critical Vulnerabilities in NetApp Products (CVE-2022-32224, CVE-2022-37026)

Published On: Jun 16, 2025 08:57

Advisory No: TZCERT-SA-25-0100

Source: NetApp

Software Affected: Ruby on Rails, Erlang-otp

Overview

Multiple NetApp products are affected by critical vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary code.

Description

Multiple NetApp products incorporating Ruby on Rails and Erlang-otp are affected by critical vulnerabilities tracked as CVE-2022-32224 and CVE-2022-37026, each with a CVSS score of 9.8. The vulnerabilities result from the use of YAML.unsafe_load to convert YAML data into Ruby objects, and from a flaw in SSH protocol message handling. Successful exploitation of these vulnerabilities can lead to the disclosure of sensitive information, Denial of Service (DoS), or code execution.
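The YAML deserialization weakness named above comes from letting a YAML parser honour object tags in untrusted input. The following is an added illustration, not code from the advisory or from NetApp or Rails: a constructed `Widget` class and two constructed YAML documents show that `YAML.unsafe_load` instantiates whatever class the document names, while `YAML.safe_load` with an explicit `permitted_classes` allow-list rejects the same document, which is the mitigation pattern applications should use for any YAML they did not produce themselves.

```ruby
require "yaml"

# Constructed example class (not from the advisory): stands in for any
# application object that attacker-controlled YAML could name by tag.
class Widget
  attr_accessor :name
end

# Constructed YAML input carrying a Ruby object tag (not from the advisory).
TAGGED_YAML = <<~YAML
  --- !ruby/object:Widget
  name: from-untrusted-input
YAML

# Plain data YAML of the shape an application legitimately expects.
PLAIN_YAML = <<~YAML
  name: widget-1
  count: 3
YAML

# Vulnerable pattern: the loader honours the !ruby/object tag and
# instantiates the named class. On Ruby versions before Psych.unsafe_load
# existed, plain YAML.load had the same unrestricted behaviour.
def load_unsafely(doc)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(doc) : YAML.load(doc)
end

# Hardened pattern: safe_load only builds scalars, arrays and hashes unless
# a class is explicitly permitted. Aliases are disabled too, since they are
# a separate resource-exhaustion vector. A disallowed tag is logged and the
# input is refused rather than partially deserialized.
def load_safely(doc, permitted_classes: [])
  YAML.safe_load(doc, permitted_classes: permitted_classes, aliases: false)
rescue Psych::DisallowedClass, Psych::BadAlias => e
  warn "rejected YAML input: #{e.class}: #{e.message}"
  :rejected
end

if __FILE__ == $PROGRAM_NAME
  p load_unsafely(TAGGED_YAML).class   # Widget: the document chose the class
  p load_safely(TAGGED_YAML)           # :rejected
  p load_safely(PLAIN_YAML)            # {"name"=>"widget-1", "count"=>3}
end
```

When an application genuinely needs to round-trip its own objects, pass them in `permitted_classes` rather than falling back to `unsafe_load`; the allow-list keeps the decision about which classes may be instantiated in the code instead of in the input.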

Impact

Successful exploitation of these vulnerabilities may allow the attacker to take control of the affected system.

Solution

NetApp has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.
