CVE-2022-22995 CRITICAL

CVE-2022-22995: Western Digital My Cloud OS 5 and My Cloud Home Unauthenticated Arbitrary File Write Vulnerability in Netatalk

Vendor Western Digital
Product My Cloud
Weakness CWE-59
Published March 25, 2022
Last update November 3, 2025

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

What the vulnerability does

01Description

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.

Key dates

02Disclosure timeline

March 25, 2022 CVE published
November 3, 2025 Record updated