Advisory Published

CVE-2023-22273: ZDI-CAN-21307: Adobe RoboHelp Server OnPublishFile Directory Traversal Remote Code Execution Vulnerability

First published: Fri Nov 17 2023(Updated: )

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction.

Credit: psirt@adobe.com

Affected SoftwareAffected VersionHow to fix
Adobe RoboHelp Server<=11.4
Microsoft Windows

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2023-22273?

    CVE-2023-22273 is a vulnerability in Adobe RoboHelp Server that allows for a directory traversal remote code execution attack.

  • How does CVE-2023-22273 affect Adobe RoboHelp Server?

    CVE-2023-22273 affects Adobe RoboHelp Server versions 11.4 and earlier by allowing an admin authenticated attacker to execute remote code through a directory traversal vulnerability.

  • Does CVE-2023-22273 require user interaction for exploitation?

    No, exploitation of CVE-2023-22273 does not require user interaction.

  • What is the severity of CVE-2023-22273?

    CVE-2023-22273 has a severity rating of 7.2, which is considered high.

  • How can I fix the CVE-2023-22273 vulnerability?

    To fix the CVE-2023-22273 vulnerability, users should update to a version of Adobe RoboHelp Server that is later than 11.4.


SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2023 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203