Platform: rust
Component: advisories
Fixed in: 2022.5.227.0, 2022.5.341.0, 2022.5.346
CVE-2022-2225 is a security vulnerability affecting the Cloudflare WARP client. It allows users without administrative privileges to bypass configured Zero Trust security policies and features like the WARP switch lock. This vulnerability impacts versions of Cloudflare WARP client up to and including 2022.5.346. A fix has been released in version 2022.5.346.
This vulnerability poses a significant risk to organizations relying on Cloudflare WARP for Zero Trust network access. An attacker could leverage the disable-ethernet or disable-wifi warp-cli commands to circumvent security policies enforced by the WARP client, such as Secure Web Gateway filtering. This bypass could allow malicious traffic to reach internal resources or expose sensitive data. The potential impact extends to any environment where WARP is used to enforce network security controls, effectively negating the intended protection.
CVE-2022-2225 was publicly disclosed on July 26, 2022. There is no indication of active exploitation campaigns at this time. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, suggesting a relatively low probability of immediate exploitation, but the ease of exploitation via CLI commands warrants attention.
EPSS: 0.04% (14% percentile)
The primary mitigation is to upgrade the Cloudflare WARP client to version 2022.5.346 or later. If immediate upgrading is not possible due to compatibility issues or testing requirements, consider temporarily restricting user access to the disable-ethernet and disable-wifi warp-cli commands. While a direct WAF rule isn't applicable, monitoring WARP client logs for unusual command usage could provide early detection. After upgrading, confirm the fix by verifying that Zero Trust policies are correctly enforced and that users without admin privileges cannot bypass them using the affected warp-cli commands.
Update the Cloudflare WARP client to version 2022.5.227.0, 2022.5.341.0 or 2022.5.346 or later, as appropriate, to address the vulnerability. This will prevent users without administrator privileges from bypassing configured security policies.
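The monitoring suggested above can also be run over process-execution telemetry instead of client logs. The following is an added example, not code from the advisory or from Cloudflare: it flags warp-cli invocations of the two subcommands named on this page and rates them by whether the caller is an administrator. The event fields, host and user names, and the Windows path are constructed assumptions and do not represent a WARP or EDR log format.

```python
import re

# Subcommands this advisory names as the policy-bypass vector.
FLAGGED_SUBCOMMANDS = {"disable-ethernet", "disable-wifi"}

# Constructed process-creation records (hypothetical schema, not a real log format).
SAMPLE_EVENTS = [
    {"host": "lt-014", "user": "alice", "is_admin": False,
     "cmdline": "warp-cli disable-wifi"},
    {"host": "lt-014", "user": "alice", "is_admin": False,
     "cmdline": "warp-cli status"},
    {"host": "ws-202", "user": "bob", "is_admin": False,
     "cmdline": '"C:\\Program Files\\Example\\Warp-Cli.exe" disable-ethernet'},
    {"host": "srv-01", "user": "root", "is_admin": True,
     "cmdline": "/usr/bin/warp-cli disable-ethernet"},
    {"host": "lt-099", "user": "carol", "is_admin": False,
     "cmdline": "grep disable-wifi notes.txt"},
]

TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')

def tokenize(cmdline):
    """Split a command line, keeping double-quoted paths with spaces intact."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(cmdline)]

def is_warp_cli(executable):
    """Match on the binary's base name, for both / and \\ path separators."""
    name = re.split(r"[\\/]", executable)[-1].lower()
    return name in ("warp-cli", "warp-cli.exe")

def flagged_subcommand(cmdline):
    """Return the flagged subcommand if warp-cli is the process, else None."""
    tokens = tokenize(cmdline)
    if not tokens or not is_warp_cli(tokens[0]):
        return None  # the string appearing in another tool's arguments is ignored
    for arg in tokens[1:]:
        if arg.lower() in FLAGGED_SUBCOMMANDS:
            return arg.lower()
    return None

def find_alerts(events):
    """Non-admin use is the case the advisory describes, so it rates 'high'."""
    alerts = []
    for ev in events:
        sub = flagged_subcommand(ev["cmdline"])
        if sub is not None:
            severity = "info" if ev["is_admin"] else "high"
            alerts.append((ev["host"], ev["user"], sub, severity))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(alert)
```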
CVE-2022-2225 describes a vulnerability in Cloudflare WARP client versions ≤2022.5.346 where users can bypass Zero Trust policies using warp-cli commands.
You are affected if you are using Cloudflare WARP client versions prior to 2022.5.346 and rely on its Zero Trust security policies.
Upgrade your Cloudflare WARP client to version 2022.5.346 or later to resolve this vulnerability.
There is currently no evidence of active exploitation, but the ease of exploitation warrants vigilance.
Refer to the official Cloudflare security advisory for detailed information: https://www.cloudflare.com/learning/security/announcements/warp-client-security-update/