PatchSiren

CVE-2022-2265 Çekino Bilgi Teknolojileri CVE debrief

An unauthenticated path traversal vulnerability in the Identity and Directory Management System developed by Çekino Bilgi Teknolojileri allows remote attackers to read arbitrary files on affected systems. The vulnerability exists in versions prior to 2.1.25 and has been assigned a CVSS 3.1 score of 7.5 (HIGH severity). The issue was publicly disclosed on September 21, 2022, and subsequently modified in the NVD on May 20, 2026. Turkish government cybersecurity authorities (USOM and siberguvenlik.gov.tr) issued security advisories tracking this vulnerability as TR-22-0636. The vendor has released version 2.1.25 to address this vulnerability.

Vendor: Çekino Bilgi Teknolojileri
Product: Unknown
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2022-09-21
Original CVE updated: 2026-05-20
Advisory published: 2022-09-21
Advisory updated: 2026-05-20

Who should care

Organizations running Identity and Directory Management System versions prior to 2.1.25; security teams managing identity infrastructure; Turkish government and critical infrastructure operators monitored by USOM; any organization with externally exposed instances of this directory management platform.

Technical summary

The Identity and Directory Management System by Çekino Bilgi Teknolojileri contains an unauthenticated path traversal vulnerability that enables remote attackers to access arbitrary files on the underlying file system. The vulnerability is network-exploitable without authentication, with low attack complexity. The confidentiality impact is rated HIGH, while integrity and availability impacts are NONE. The affected product is an identity and directory management solution, suggesting potential exposure of sensitive authentication data, configuration files, or system credentials if exploited. The fix version 2.1.25 was released to remediate this vulnerability.

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade Identity and Directory Management System to version 2.1.25 or later
  • Review access logs for suspicious file access patterns indicating path traversal attempts
  • Implement network segmentation to limit exposure of directory management interfaces
  • Apply principle of least privilege to file system permissions on hosts running the affected application
  • Monitor for unauthorized file access attempts via web application firewall or intrusion detection systems
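
For the log review step above, a minimal triage script, added here as an example and not taken from the vendor or the advisories. It assumes an Apache/nginx "combined" style access log; the sample lines and the /files?name= endpoint are constructed, since the affected endpoint is not named in the evidence.

```python
import re
from urllib.parse import unquote

# Assumed log layout: Apache/nginx "combined" style; adjust to your server.
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) [^"]*" (\d{3})')

# Constructed sample lines; the /files?name= endpoint is hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Sep/2022:10:00:01 +0300] "GET /login HTTP/1.1" 200 512',
    '203.0.113.7 - - [21/Sep/2022:10:01:02 +0300] "GET /files?name=..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1873',
    '203.0.113.7 - - [21/Sep/2022:10:01:05 +0300] "GET /files?name=%252e%252e%252fconf%252fapp.properties HTTP/1.1" 404 0',
    '198.51.100.23 - - [21/Sep/2022:10:02:11 +0300] "GET /files?name=.../...//secrets HTTP/1.1" 403 0',
    '198.51.100.23 - - [21/Sep/2022:10:02:15 +0300] "GET /static/app..min.js HTTP/1.1" 200 9000',
    '198.51.100.23 - - [21/Sep/2022:10:02:19 +0300] "GET /files?name=..%c0%af..%c0%afboot.ini HTTP/1.1" 400 0',
]

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is unmasked."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_reason(target):
    """Return why a request target looks like path traversal, or None."""
    # Overlong UTF-8 encodings of '/' and '.' never occur in legitimate requests.
    if re.search(r"%c0%(af|ae)|%e0%80%(af|ae)", target.lower()):
        return "overlong-utf8"
    decoded = fully_decode(target).replace("\\", "/")
    segments = re.split(r"[/?&=;]", decoded)
    if ".." in segments:
        return "dot-dot-segment"
    # CWE-35 shape: '.../...//' becomes '../' once a filter strips '../' a single time.
    if any(len(s) > 2 and set(s) == {"."} for s in segments):
        return "multi-dot-segment"
    return None

def scan(lines):
    """Return (client_ip, status, reason) for each suspicious log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        reason = traversal_reason(m.group(2)) if m else None
        if reason:
            hits.append((m.group(1), m.group(3), reason))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG): print(*hit)
```

Hits that returned status 200 deserve first attention, since a successful response to a traversal-shaped request may mean file contents were disclosed.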

Evidence notes

CVE published 2022-09-21; NVD record modified 2026-05-20. CPE confirms affected versions: all versions prior to 2.1.25. CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. Weaknesses identified as CWE-35 (Path Traversal) and CWE-22 (Improper Limitation of a Pathname to a Restricted Directory).
