CISA Warns of Active Exploitation of ZK Java Framework Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-36537, a high-severity flaw impacting the ZK Framework, to its “Known Exploited Vulnerabilities (KEV)” catalog based on evidence of active exploitation.

What is the situation?

The vulnerability, cited as a remote code execution (RCE) flaw, impacts ZK Framework versions 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 and enables threat actors to access sensitive information via specially crafted POST requests to the AuUploader component.

Researchers had already documented mass exploitation of CVE-2022-36537 before the vulnerability was added to CISA’s KEV catalog. Worldwide exploitation attempts have been suspected since at least November 2022. This exploitation is not unexpected, as multiple proof-of-concept (PoC) exploits were published on GitHub in December 2022.

What is ZK Framework?

According to CISA, ZK Framework is an open-source Java framework that web developers use to create graphical user interfaces (GUIs) for web apps without needing extensive programming knowledge. Notable examples of products using the ZK Framework include ConnectWise Recover, version 2.9.7 and earlier, and ConnectWise R1Soft Server Backup Manager, version 6.16.3 and earlier.

What is Nuspire doing?

Nuspire is not affected by this vulnerability.

What should I do?

While CISA’s patching policies apply only to federal organizations, its guidance is valuable for any organization using technology cited in its advisories. CISA provides a “Known Exploited Vulnerabilities Catalog,” which organizations can use while reviewing their technology stack and managing their vulnerability program. Here’s a list of steps organizations can take to protect themselves:

  • Know your technology stack and understand underlying frameworks.
  • Keep software updated and prioritize critical and externally facing systems.
  • Utilize CISA’s “Known Exploited Vulnerabilities Catalog” to help prioritize patching efforts.
  • Monitor CISA advisories for critical cybersecurity notifications.
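The first three steps above come together when an inventory is checked against the KEV catalog. The script below is an added example, not Nuspire's or CISA's code: it matches a constructed inventory (which records the frameworks each product embeds, since KEV lists ZK Framework rather than the ConnectWise products that bundle it) against a constructed sample in the KEV feed's JSON shape, and orders the hits with externally facing systems first. The feed URL and field names (`cveID`, `product`, `dueDate`) are the live catalog's; the dates and the filler entry are placeholders.

```python
"""Match a software inventory against the CISA KEV catalog (added example)."""
import json
from datetime import date

# Constructed sample in the shape of the KEV JSON feed; dates are placeholders.
# The live feed is published at:
# https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
SAMPLE_KEV_JSON = """
{
  "vulnerabilities": [
    {"cveID": "CVE-2022-36537", "vendorProject": "ZK", "product": "ZK Framework",
     "dateAdded": "2023-02-27", "dueDate": "2023-03-20",
     "shortDescription": "ZK Framework AuUploader servlet information disclosure"},
    {"cveID": "CVE-0000-00000", "vendorProject": "Example", "product": "Other Product",
     "dateAdded": "2023-01-01", "dueDate": "2023-01-22",
     "shortDescription": "constructed filler entry"}
  ]
}
"""

# Constructed inventory: each asset names its product and the frameworks it embeds.
INVENTORY = [
    {"asset": "backup-01", "product": "ConnectWise R1Soft Server Backup Manager",
     "frameworks": ["ZK Framework"], "internet_facing": True},
    {"asset": "intranet-app", "product": "Internal Portal",
     "frameworks": ["ZK Framework"], "internet_facing": False},
    {"asset": "db-01", "product": "PostgreSQL",
     "frameworks": [], "internet_facing": False},
]


def kev_matches(kev_json, inventory, today_iso):
    """Return inventory assets that match a KEV entry, most urgent first."""
    entries = json.loads(kev_json)["vulnerabilities"]
    today = date.fromisoformat(today_iso)
    hits = []
    for asset in inventory:
        # Match on the product itself or on any embedded framework.
        names = {asset["product"].lower(), *(f.lower() for f in asset["frameworks"])}
        for entry in entries:
            if entry["product"].lower() in names:
                due = date.fromisoformat(entry["dueDate"])
                hits.append({"asset": asset["asset"], "cve": entry["cveID"],
                             "days_to_due": (due - today).days,
                             "internet_facing": asset["internet_facing"]})
    # Externally facing systems first, then the nearest remediation due date.
    hits.sort(key=lambda h: (not h["internet_facing"], h["days_to_due"]))
    return hits
```

Replace `SAMPLE_KEV_JSON` with the downloaded feed and `INVENTORY` with your asset data to produce a patch order for your own estate.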